Solaris 9 Authentication

  • Permalink
  • submit to reddit
  • Email
  • Follow


Configuration:
MIT Kerberos 1.4
Solaris 9 Master
Solaris 9, MAC OSX, & PC Clients
/usr/lib/ssh/sshd daemon using pam_krb5.so.1
Pre-Auth enabled

Issue:
MAC and PC clients using ssh authenticate successfully against Solaris 9 
servers and Kerberos system.
ssh -l <username> <hostA>
<username>@<hostA> Password: <Enter Kerberos Password>
Last login: Wed Jun 29 08:26:47 2005 from <client host>
motd message
$

Solaris 9 clients get the following error when using Kerberos 
authentication:
ssh -l <username> <hostA>
<username>@<hostA> Password: <Enter Kerberos Password>
Permission denied, please try again.
<username>@<hostA> Password: <Enter Shadow Password>
Last login: Wed Jun 29 08:26:47 2005 from <client hostA>
motd message
$

Master kdc.log:
Jun 29 08:43:55 <master kerberos server> krb5kdc[10062](info): AS_REQ (2 
etypes {3 1}) <hostA ip address> PREAUTH_FAILED: <username@REALM> for 
krbtgt@REALM, Decrypt integrity check failed

Steve
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
Reply scanell (9) 6/29/2005 4:17:20 PM

See related articles to this posting


Since ssh authentication is taking place on the SUN server, I took a 
copy of the keytab file from the Master kerberos server and placed it 
place of the one created by running ktadd on hostA... now hostA has a 
copy of the kadm5.keytab from the Master server.

Once I did this (and this was the same for the SLAVE Kerberos server), 
then pre-auth works and I was able to sign in to hostA from another 
Solaris box.

Can anyone tell me why this works... I am presuming it has something to 
do with local authentication on hostA that requires the keytab file from 
the Master where the ticket was originally created and thus the keytab 
has the data necessary for decryption.

Steve

scanell wrote:

> Configuration:
> MIT Kerberos 1.4
> Solaris 9 Master
> Solaris 9, MAC OSX, & PC Clients
> /usr/lib/ssh/sshd daemon using pam_krb5.so.1
> Pre-Auth enabled
>
> Issue:
> MAC and PC clients using ssh authenticate successfully against Solaris 
> 9 servers and Kerberos system.
> ssh -l <username> <hostA>
> <username>@<hostA> Password: <Enter Kerberos Password>
> Last login: Wed Jun 29 08:26:47 2005 from <client host>
> motd message
> $
>
> Solaris 9 clients get the following error when using Kerberos 
> authentication:
> ssh -l <username> <hostA>
> <username>@<hostA> Password: <Enter Kerberos Password>
> Permission denied, please try again.
> <username>@<hostA> Password: <Enter Shadow Password>
> Last login: Wed Jun 29 08:26:47 2005 from <client hostA>
> motd message
> $
>
> Master kdc.log:
> Jun 29 08:43:55 <master kerberos server> krb5kdc[10062](info): AS_REQ 
> (2 etypes {3 1}) <hostA ip address> PREAUTH_FAILED: <username@REALM> 
> for krbtgt@REALM, Decrypt integrity check failed
>
> Steve
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
Reply scanell (9) 6/29/2005 9:41:17 PM
comp.protocols.kerberos 5393 articles. 1 followers. Post

1 Replies
172 Views

Similar Articles

[PageSpeed] 24


  • Permalink
  • submit to reddit
  • Email
  • Follow


Reply:

Similar Artilces:

Authenticating via Kerberos in SSH on Solaris 9
Greetings All, I have been making good progress in getting Kerberos to work on Solaris 9 and Windows AD. I have it working very well from the console. Problems arise when I use SSH. I have my pam.conf configured as follows for SSH which is identical to login sshd auth sufficient pam_unix_auth.so.1 sshd auth required pam_krb5.so.1 try_first_pass debug When I connect to SSH it does an initial call to the DC before I even enter my password, like so Jan 4 10:03:48 snoopy sshd[19516]: [ID 655841 local6.debug] PAM-KRB5 (auth): pam_sm_authenticate flags=1 Jan 4 10:...

LDAP authentication Solaris 8-9 SunOne
Hi, I want to centralize our useraccounts to a ldap-server. Therefore i want to use the SunOne (iPlanet) Directory Server (inkl. license). Is there anywhere a good documentation? i need information on: -> installation / configuration -> redudancy ldap server (synchronisation) -> PAM-authentication? -> secure communication solaris --> LDAP -> LDAP schema for Solaris? thanks in advance, mike Perhaps a little OT but... having done something similar recently, we found this combination a lot easier to live with... http://www.openldap.org/ (...replication was almost trivi...

Authentication problems using Telnet on Solaris 9
I'm trying to authenticate to our W2K domain controllers from my UNIX box running Sun's kerberos distribution (SEAM) on a Solaris 9 box. When I try lo login using my domain logon, I get the following error authentication failed: Unknown code 2 in /var/adm/messages the following message is also logged Sep 3 13:38:03 smithwe1-unix login: [ID 537602 auth.error] PAM-KRB5 (auth): krb5_verify_init_creds failed: Unknown code 2 I've done some searching and found some info indicating possible problems like this on Solaris 9 but so far no resolution. FWIW, when I run kinit, I can...

HELP !! SSH Authentication Problem at a Solaris 9 server
We have installed the following "ssh" binary successfully at all of our Sun Solaris 2.8 and 9 servers. PKGINST: SSHssh2 NAME: SSH Tectia(tm) Server VERSION: 4.1.0.34 All work OK except atlanta, our Solaris 9 server. We are getting the following authentication failed message and can't ssh to it at all : $ ssh atlanta warning: Authentication failed. Disconnected (local); no more authentication methods available (No further authentication methods available.). In atlanta server, we have the following processes running : root 736 1 0 Aug 22 0:00 /usr/l...

putty 0.56 and passwordless authentication to Solaris 9
I have not had any success with using putty (passwordless authentication) to Solaris 9 using Sun Microsystems supplied sshd! I am pretty new to ssh but I like what I see so far. I have had absolutely no problems with HPUX to SuSE, Solaris to RedHat HPUX to Sun and so on using the ssh-keygen -t rsa method of public and private key generation and pushing out the authorized_keys file but as soon as I bring that damn Windows platform into the mix, all bets are off! Anyway,I have been poking around with this shareware application and it seems okay (term type a pain but I will save that for anot...

HELP !! SSH Authentication Problem at a Solaris 9 server
We have installed the following "ssh" binary successfully at all of our Sun Solaris 2.8 and 9 servers. PKGINST: SSHssh2 NAME: SSH Tectia(tm) Server VERSION: 4.1.0.34 All work OK except atlanta, our Solaris 9 server. We are getting the following authentication failed message and can't ssh to it at all : $ ssh atlanta warning: Authentication failed. Disconnected (local); no more authentication methods available (No further authentication methods available.). In atlanta server, we have the following processes running : root 736 1 0 Aug 22 0:00 /usr/l...

Authenticate to windows domain using uniobjects on solaris 9
I set up kerberos authentication and modified pam.conf to authenticate logins to the windows domain succesfully. My problem though is to get uniobjects to authenticate against the windows domain. Please could someone help? Thank you Justus ...

HELP !! SSH Authentication Problem at a Solaris 9 server #2
We have installed the following "ssh" binary successfully at all of our Sun Solaris 2.8 and 9 servers. PKGINST: SSHssh2 NAME: SSH Tectia(tm) Server VERSION: 4.1.0.34 All work OK except atlanta, our Solaris 9 server. We are getting the following authentication failed message and can't ssh to it at all : $ ssh atlanta warning: Authentication failed. Disconnected (local); no more authentication methods available (No further authentication methods available.). In atlanta server, we have the following processes running : root 736 1 0 Aug 22 0:00 /usr/l...

Kerberos authentication does not seem to work when auditing is enabled on Solaris 9
I am running Solaris 9 with auditing turned on (etc/security/bsmconv). The problem I am having is that I can not logon with dtlogin via Kerberos authentication as long as auditing is enabled. If I disable auditing I have no problem logging in with my Kerberos account. I am up to the latest patch cluster. I have been working SUN for over a month and not getting anywhere. SSH, login, kinit works using Kerberos. The only time I have a problem is when trying to log in using dtlogin with Kerberos. When I try to login with my Kerberos account the screen flashes and then sends me back out to the...

Authentication probs with Samba 3.0.x, Solaris 9
Can some kind soul give me some pointer here? I'm having trouble accessing a new install of samba 3.0.[1,2rc1] from a Win XP machine. I keep getting prompted for username/password. This same XP machine can concurrently access a similarly configured 2.2.8a server with no probs. My platform is Solaris 9 update 5 (new install), gcc 3.2.2, samba 3.0.1 and .2rc1 (tried both with same result). I'm using encrypted passwords which seems to be the default in the smb.conf file by it's ommision however I have explicitly set it to yes but it made no difference. Using swat I've set u...

Updating Solaris 9 12/03 to Solaris 9 9/05
I have looked at SunSolve and found the following: http://www.sun.com/service/sunupdate/hosted/#system "Sun Update Connection - System is currently available for Solaris 10 systems only." I'm looking for a commandline method to update Solaris 9 12/03 to Solaris 9 9/05. Something similar to Linux's yum would be nice. Suggestions? Thanks, John On Thu, 16 Nov 2006, John wrote: > I'm looking for a commandline method to update Solaris 9 12/03 to Solaris 9 > 9/05. Something similar to Linux's yum would be nice. > > Suggestions? The closest thing is Li...

Can you install Solaris 9 into a Solaris 9 container?
I found a lot of documentation about installing a Solaris 9 flar into a Solaris 9 container. Can you install Solaris 9 from media into a container? B. On 04/18/11 11:44 AM, Bartholomew wrote: > I found a lot of documentation about installing a Solaris 9 flar into a > Solaris 9 container. Can you install Solaris 9 from media into a container? I don't think so. AFAIR it works only with a flar or ufsdump. On 2011-04-18 17:04:28 +0100, Oscar del Rio said: > On 04/18/11 11:44 AM, Bartholomew wrote: >> I found a lot of documentation about installing a Solaris 9 flar into a ...

LiveUpgrade older Solaris 9 to newer Solaris 9
We support 70 to 80 Sun systems running various releases of Solaris 9 (e.g. s9_58shwpl3, 12/02, 8/03, 4/04 and 9/04). Does anyone know if we can use LiveUpgrade to upgrade the older releases of Solaris 9 to the 9/04 release? We would like to get all of our systems running the 9/04 release of Solaris 9 and LiveUpgrade appears to be a quick and simple way of making that happen. Does anyone have experience doing this with LiveUpgrade? If LiveUpgrade can be used to do these upgrades, any idea if the use of LiveUpgrade in this manner is fully supported by Sun (i.e. if we run into a problem can ...

Which patch cluster: Solaris 9 or Solaris 9 Sun Alert ????
At http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access there are two patch clusters for Solaris 9 (SPARC) 1) Solaris 9 Sun Alert Patch Cluster (127.6M) NAME: Solaris 9 Sun Alert Patch Cluster DATE: 12/24/2004 2) Solaris 9 (133.5M) NAME: Solaris 9 Recommended Patch Cluster DATE: Dec/23/04 Reading the README's for these I can't work out what is the difference between them. I've not checked each patch individually to see what is the latest, but why are there two copies? I must be missing something here. Dave <nospam@nowhere.com> wrote: > Rea...

Sun Solaris Certification
Dear all: I am wondering what will be the right decision regarding Sun Solaris Certification, should I take Solaris 9 certification or should I go for Solaris 10. As I am quiet new in the Solaris field, question arises in my mind, if I get training on Solaris 10, can I easily work on Solaris 9 or Solaris 8 environment ? If any company works on Solaris 9 boxes, whom he will give preference first, Solaris 9 Admin or Solaris 10 Admin, or it does not matter on Solaris version ? Thanks in advance. Best reagrds zaki <shamim.zaki@gmail.com> wrote in message news:1162158973.912696.111680...

solaris 9 AND solaris 10
hi *, Can <subject> be installed together on one sparc ultra 5? rthanks for any help. Yes. On two disks, easily. On one disk it's more involved, but IIRC is do-able, providing you slice things up properly and don't try to do things like share /, /usr etc. Alternatively, investigate LiveUpgrade which makes the whole process a lot easier. -Mark ...

SN#20552 Running Solaris 8 and 9 Applications on Solaris 10 with Solaris Containers
SYSTEM NEWS FOR SUN USERS Vol 127 Issue 1 2008-09-01 Article 20552 from section "BigAdmin" BigAdmin XPerts Session The BigAdmin XPert sessions all BigAdmin community members to interact with experts who will answers questions for the whole community to see. In a recent session, Jeff Victor was the expert and the topic was, "Running Solaris 8 and 9 Applications on Solaris 10 with Solaris Containers". Jeff Victor authored the Sun BluePrints document "Solaris Containers Technology Architecture Guide", &qu...

Solaris 9 or Solaris 10 for newbie?
Soon I'll be receiving my first Sun workstation (W2100z) with Solaris 9 and Java Desktop 2 preinstalled. As a user fairly new to Solaris - I've been using Linux as main OS since last August, Windows for years prior to that - would I be best off utilizing the preinstalled Solaris 9 or installing Solaris 10? I've been leaning towards Solaris 10 and just wanted some 'professional' inputs on the idea. My primary goal is learning Solaris and I won't mind reinstalling Solaris 10 later in the year when all the other features are fully integrated [ZFS, Janus, etc.]. I'v...

Solaris 9 : Solaris Volume Manager
Hi I have a diskset that no longer has the underlying disks associated to it. The diskset shows up in metaset. How can I delete the diskset. Since the underlying disks are no longer available I cannot take ownership of the diskset to perform administrative operations. How does metaset know that the diskset exists as the underlying state database for the set doesn't exist. What configuration file contains the set information. Best Wishes Nick nick@nickhavardxyz.com P.S. Remove xyz to reply ...

libtiff.so in Solaris 9 9/04
I just noticed that the shared library libtiff.so has disappeared from /usr/openwin/lib under Solaris 9 9/04. In fact it's patch 114219-08 which removes it. This patch is preinstalled in 9/04 (it wasn't in 4/04), the affected package is SUNWolrte. If you have self-compiled applications that were linked dynamically against libtiff.so.3 in /usr/openwin/lib, those might fail to run now. There is /usr/sfw/lib/libtiff.so in package SUNWTiff which can be used instead, so a wrapper script which sets LD_LIBRARY_PATH might help (or, recompile those applications). mp. -- Systems Administrator...

Installing Solaris 10 or Solaris 9
Hi there, I have an old Sun Box, is an Ultra SPARC-IIi 300MHz, right now I am using Solaris 9. I have a two parts question, first one is, can I install Solaris 10 on this machine?, maybe is just to outdated for it. Second question is, can I download all the Solaris 9 software from "www.sun.com" as DVD, into a Windows XP box, them burn them as a DVD, will it work on my Sun Box?, or once I download them in to the Windows box, do I have to expand each zip file, them burn them into a DVD, and again the same question will it work on the Sun Box? Thanks. Alfonso G. Urroz "Alfonso...

Solaris 9 vs. Solaris 10?
I recently changed my x86 version of Solaris 8 to Solaris 10 at home, and so far I really like what I see. I never installed Solaris 9. What were the major differences between Solaris 9 and Solaris 10? - Scott Smith: scott.smith@iphouse.com MySpace: http://www.myspace.com/choppersmith S. Smith <scott.smith@iphouse.com> wrote: > > I recently changed my x86 version of Solaris 8 to Solaris 10 > at home, and so far I really like what I see. > > I never installed Solaris 9. What were the major differences between > Solaris 9 and Sol...

Solaris 9 differences than Solaris 8
Ive read over some of the errata type and release notes information for Solaris 9. Just a couple of quick questions for those of you that have migrated. Is CDE still available in 9? Also, if I have applications that utilize the libs in /usr/openwin are they still available? Basically I read that /usr/openwin is gone on 9 .. if thats true are they including it on the bonus sw disks? What, if any, issues have people had in relation to using gnome with their older applications that ran under CDE or openwin? If I could get some migration issues that people have had and resoultions/things to ...

Solaris 10 (build 63) upgrade fails on Solaris 8 as well as Solaris 9 sparcs
Hello Using the Solaris 10 build 63 for sparc. Tried to do upgrades on the following two machines. 1. E4500 Solaris 8 (117350-11 Kernel level) Entire Distribution OEM support cluster, OBP 3.2.30. 2. Ultra 2 Solaris 9 Entire Distribution and OEM support cluster. On both machines the upgrade starts when I put the CD 1 and and reaches to the point where I have to select whether I want to do "Initial Install" or "Upgrade". When I check upgrade it starts initializing the system and halfway through I get the follwoing error "Could not reinitialize the sy...