10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Dear All,
Can someone help to command or program to transfer the file from windows to Unix server and from one unix server to another Unix server in secure way.
I would request no samba client. (4 Replies)
Discussion started by: yadavricky
4 Replies
2. Solaris
How can we make rdist to work over ssh? By default rdist works with rsh protocol which is now the host server is refuses to accept the rsh connection. How to find rdist version which I am running? How to upgrade it to latest version?
Working environment is solaris 9 and solaris 10. (1 Reply)
Discussion started by: naveenjami
1 Replies
3. UNIX for Dummies Questions & Answers
Hello All,
My Problem is -> How can we get UNIX id from open mail authentication (Windows ID) in UNIX.
In following command we are using domain name, which may change in your reference.
As, if we use following command.
ypcat passwd | grep rohitp | cut -d: -f5 | cut -d, -f1
=> we get... (0 Replies)
Discussion started by: pandey.rohit
0 Replies
4. HP-UX
Hello,
I am looking for either the rdist binaries or code for HPUX 11.11.
Thanks (1 Reply)
Discussion started by: rfisher001
1 Replies
5. Windows & DOS: Issues & Discussions
Can anyone tell me if there is a possibility to connect WindowsXP to Unix by means of an X-Window?
I want to do this graphical but I can't find a client with a reasonable pricetag on it. We now use WRQ Reflection to connect to a character-based programm on the unix box. But I would like to do... (2 Replies)
Discussion started by: fwalda
2 Replies
6. UNIX for Advanced & Expert Users
I am trying to synchronize to boxes running True64 Unix one as a live backup of the other for user directories.
When running rdist, I receive the message "Permission Denied" when each directory is accessed with the sole exception of my own directory.
This has to be an automated process which... (1 Reply)
Discussion started by: doug_hutch
1 Replies
7. UNIX for Dummies Questions & Answers
i recently install redhat linux as a dual boot with win2000. after i log in my unix account. i tried to get window unix by typing startx or xinit. both gave me error. display message among other thing was something like fatal error. any help?
thanks (12 Replies)
Discussion started by: bb00y
12 Replies
8. UNIX for Advanced & Expert Users
Does anyone know of any known bugs/issues with the RDIST utility on HP unix?
I am trying to set up replication between two servers. All seems to work okay to start with, but the rdist program always terminates with a value of 1 - i.e. signifying an error. However - no error message or even warning... (1 Reply)
Discussion started by: man_with_no_nam
1 Replies
9. IP Networking
Is there any way that I could invoke a Win NT application in a UNIX environment?
Needed to do this to direct the output of an Win NT application to a UNIX program, and then back again. Furthermore, because there's a large amount of processing to be done, it will be great if I could do this... (1 Reply)
Discussion started by: Norman N
1 Replies
10. UNIX for Dummies Questions & Answers
Hi i am new to Unix and i was wondering if you could help me with 2 problems i have?
Firstly i use Telnet to connect to my main server unix-shells.com and i want to know how i can use the "window" program?
i understand how it works but i want to be able to easily make new windows and hide the... (1 Reply)
Discussion started by: ditoa
1 Replies
krb5_auth_rules(5) Standards, Environments, and Macros krb5_auth_rules(5)
NAME
krb5_auth_rules - overview of Kerberos V5 authorization
DESCRIPTION
When kerberized versions of the ftp, rdist, rcp, rlogin, rsh, telnet, or ssh clients are used to connect to a server, the identity of the
originating user must be authenticated to the Kerberos V5 authentication system. Account access can then be authorized if appropriate
entries exist in the ~/.k5login file, the gsscred table, or if the default GSS/Kerberos authentication rules successfully map the Kerberos
principal name to Unix login name.
To avoid security problems, the ~/.k5login file must be owned by the remote user on the server the client is attempting to access. The file
should contain a private authorization list comprised of Kerberos principal names of the form principal/instance@realm. The /instance vari-
able is optional in Kerberos principal names. For example, different principal names such as jdb@ENG.ACME.COM and
jdb/happy.eng.acme.com@ENG.ACME.COM would each be legal, though not equivalent, Kerberos principals. The client is granted access if the
~/.k5login file is located in the login directory of the remote user account and if the originating user can be authenticated to one of the
principals named in the file. See gkadmin(1M) and kadm5.acl(4) for more information on Kerberos principal names.
When no ~/.k5login file is found in the remote user's login account, the Kerberos V5 principal name associated with the originating user is
checked against the gsscred table. If a gsscred table exists and the principal name is matched in the table, access is granted if the Unix
user ID listed in the table corresponds to the user account the client is attempting to access. If the Unix user ID does not match, access
is denied. See gsscred(1M).
For example, an originating user listed in the gsscred table with the principal name jdb@ENG.ACME.COM and the uid 23154 is granted access
to the jdb-user account if 23154 is also the uid of jdb-user listed in the user account database. See passwd(4).
Finally, if there is no ~/.k5login file and the Kerberos V5 identity of the originating user is not in the gsscred table, or if the gsscred
table does not exist, the client is granted access to the account under the following conditions (default GSS/Kerberos auth rules):
o The user part of the authenticated principal name is the same as the Unix account name specified by the client.
o The realm part of the client and server are the same, unless the krb5.conf(4) auth_to_local_realm parameter is used to create
equivalence.
o The Unix account name exists on the server.
For example, if the originating user has the principal name jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM, the client would
be denied access even if jdb is a valid account name on the server. This is because the realms SALES.ACME.COM and ENG.ACME.COM differ.
The krb5.conf(4) auth_to_local_realm parameter also affects authorization. Non-default realms can be equated with the default realm for
authenticated name-to-local name mapping.
FILES
~/.k5login Per user-account authorization file.
/etc/passwd System account file. This information may also be in a directory service. See passwd(4).
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gkadmin(1M), gsscred(1M), kadm5.acl(4), krb5.conf(4), passwd(4), attributes(5),
gss_auth_rules(5)
SunOS 5.11 07 Apr 2006 krb5_auth_rules(5)