Solaris 9 Authentication

Configuration:
MIT Kerberos 1.4
Solaris 9 Master
Solaris 9, MAC OSX, & PC Clients
/usr/lib/ssh/sshd daemon using pam_krb5.so.1
Pre-Auth enabled

Issue:
MAC and PC clients using ssh authenticate successfully against Solaris 9 
servers and Kerberos system.
ssh -l <username> <hostA>
<username>@<hostA> Password: <Enter Kerberos Password>
Last login: Wed Jun 29 08:26:47 2005 from <client host>
motd message
$

Solaris 9 clients get the following error when using Kerberos 
authentication:
ssh -l <username> <hostA>
<username>@<hostA> Password: <Enter Kerberos Password>
Permission denied, please try again.
<username>@<hostA> Password: <Enter Shadow Password>
Last login: Wed Jun 29 08:26:47 2005 from <client hostA>
motd message
$

Master kdc.log:
Jun 29 08:43:55 <master kerberos server> krb5kdc[10062](info): AS_REQ (2 
etypes {3 1}) <hostA ip address> PREAUTH_FAILED: <username@REALM> for 
krbtgt@REALM, Decrypt integrity check failed

Steve
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
scanell (9)
6/29/2005 4:17:20 PM
comp.protocols.kerberos 5499 articles. 1 followers. jwinius (31) is leader. Post Follow

1 Replies
347 Views

Similar Articles

[PageSpeed] 30

Since ssh authentication is taking place on the SUN server, I took a 
copy of the keytab file from the Master kerberos server and placed it 
place of the one created by running ktadd on hostA... now hostA has a 
copy of the kadm5.keytab from the Master server.

Once I did this (and this was the same for the SLAVE Kerberos server), 
then pre-auth works and I was able to sign in to hostA from another 
Solaris box.

Can anyone tell me why this works... I am presuming it has something to 
do with local authentication on hostA that requires the keytab file from 
the Master where the ticket was originally created and thus the keytab 
has the data necessary for decryption.

Steve

scanell wrote:

> Configuration:
> MIT Kerberos 1.4
> Solaris 9 Master
> Solaris 9, MAC OSX, & PC Clients
> /usr/lib/ssh/sshd daemon using pam_krb5.so.1
> Pre-Auth enabled
>
> Issue:
> MAC and PC clients using ssh authenticate successfully against Solaris 
> 9 servers and Kerberos system.
> ssh -l <username> <hostA>
> <username>@<hostA> Password: <Enter Kerberos Password>
> Last login: Wed Jun 29 08:26:47 2005 from <client host>
> motd message
> $
>
> Solaris 9 clients get the following error when using Kerberos 
> authentication:
> ssh -l <username> <hostA>
> <username>@<hostA> Password: <Enter Kerberos Password>
> Permission denied, please try again.
> <username>@<hostA> Password: <Enter Shadow Password>
> Last login: Wed Jun 29 08:26:47 2005 from <client hostA>
> motd message
> $
>
> Master kdc.log:
> Jun 29 08:43:55 <master kerberos server> krb5kdc[10062](info): AS_REQ 
> (2 etypes {3 1}) <hostA ip address> PREAUTH_FAILED: <username@REALM> 
> for krbtgt@REALM, Decrypt integrity check failed
>
> Steve
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
scanell (9)
6/29/2005 9:41:17 PM
Reply:

Similar Artilces:

Authenticating via Kerberos in SSH on Solaris 9
Greetings All, I have been making good progress in getting Kerberos to work on Solaris 9 and Windows AD. I have it working very well from the console. Problems arise when I use SSH. I have my pam.conf configured as follows for SSH which is identical to login sshd auth sufficient pam_unix_auth.so.1 sshd auth required pam_krb5.so.1 try_first_pass debug When I connect to SSH it does an initial call to the DC before I even enter my password, like so Jan 4 10:03:48 snoopy sshd[19516]: [ID 655841 local6.debug] PAM-KRB5 (auth): pam_sm_authenticate flags=1 Jan 4 10:03:48 snoopy sshd[19516]: [ID 549540 local6.debug] PAM-KRB5 (auth): attempt_krb5_auth: start: user='cbrown' Jan 4 10:03:48 snoopy sshd[19516]: [ID 179272 local6.debug] PAM-KRB5 (auth): attempt_krb5_auth: krb5_get_init_creds_password returns: Decrypt integrity check failed Jan 4 10:03:48 snoopy sshd[19516]: [ID 399723 local6.debug] PAM-KRB5 (auth): clearing initcreds in pam_authenticate() Jan 4 10:03:48 snoopy sshd[19516]: [ID 833335 local6.debug] PAM-KRB5 (auth): attempt_krb5_auth returning 9 Jan 4 10:03:48 snoopy sshd[19516]: [ID 954327 local6.debug] PAM-KRB5 (auth): prompting for password Jan 4 10:03:48 snoopy sshd[19516]: [ID 549540 local6.debug] PAM-KRB5 (auth): attempt_krb5_auth: start: user='cbrown' Jan 4 10:03:48 snoopy sshd[19516]: [ID 179272 local6.debug] PAM-KRB5 (auth): attempt_krb5_auth: krb5_get_init_creds_password returns: Decrypt integrity check faile...

Kerberos authentication does not seem to work when auditing is enabled on Solaris 9
I am running Solaris 9 with auditing turned on (etc/security/bsmconv). The problem I am having is that I can not logon with dtlogin via Kerberos authentication as long as auditing is enabled. If I disable auditing I have no problem logging in with my Kerberos account. I am up to the latest patch cluster. I have been working SUN for over a month and not getting anywhere. SSH, login, kinit works using Kerberos. The only time I have a problem is when trying to log in using dtlogin with Kerberos. When I try to login with my Kerberos account the screen flashes and then sends me back out to the login screen. the account I am using resides on the KDC which is a Windows 2003 DC and also within the passwd file. The passwords to not match so I can tell which one I am actually logging into. here is a copy of my pam.conf file which works for ssh both Kerberos and local, login both Kerberos and local, and dtlogin local The only issue I have is dtlogin using Kerberos authentication with auditing enabled. turn auditing off and I get right in. Any help would be greatly appreciated. I have duplicated the same symptoms on two different Solaris 9 systems. My Solaris 8 systems are working fine. # more pam.conf # #ident "@(#)pam.conf 1.16 01/01/24 SMI" # # Copyright (c) 1996-2000 by Sun Microsystems, Inc. # All rights reserved. # # PAM configuration # # Authentication management # login auth requisite pam_authtok_get.so.1 login auth required ...

Microsoft SSPI error
Hello, I have configuration of active directory 2003 r2 sp3 working with linux mod_auth_kerb. I use SPNEGO for subversion. When using Linux all work great! When using Windows XP(and Windows 7) Firefox/IE/cifs client work great. Problem is subversion which uses neon, it get the following: --- Running post_send hooks ah_post_send (#1), code is 201 (want 401), WWW-Authenticate is Negotiate oYGfMIG coAMKAQChCwYJKoZIhvcSAQICooGHBIGEYIGBBgkqhkiG9xIBAgICAG9yMHCgAwIBBaEDAgEPomQwYqA DAgEXolsEWTLvPLmZvxBgaMEmPDDTIeG9bdJ5rmfTEtsj6Cv9eF9s9Z8sBWhVhPXYzIVsm/sw0hqR+1u DM9frpOeV2Y0YGtDk2flN5iOM/HdEujj0GXAYEWHvPp/3kSc2 auth: SSPI challenge. InitializeSecurityContext [fail] [80090304]. sspi: initializeSecurityContext [failed] [80090304]. --- At windows event log I see the following: --- Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40962 Date: 10/3/2011 Time: 3:55:38 PM User: N/A Computer: VALON Description: The Security System was unable to authenticate to the server HTTP/correlux-gentoo.correlsense.com because the server has completed the authentication, but the client authentication protocol Kerberos has not. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. --- Had anyone seen this before? I tried many configurations, but without success: --- Gentoo --- dev-libs/openssl-1.0.0e -> also downgraded to openssl-0.9.8f www-servers/apache-2.2.21 www-apache/mod_auth_kerb-5.4 -> also downgraded to m...

Updating Solaris 9 12/03 to Solaris 9 9/05
I have looked at SunSolve and found the following: http://www.sun.com/service/sunupdate/hosted/#system "Sun Update Connection - System is currently available for Solaris 10 systems only." I'm looking for a commandline method to update Solaris 9 12/03 to Solaris 9 9/05. Something similar to Linux's yum would be nice. Suggestions? Thanks, John On Thu, 16 Nov 2006, John wrote: > I'm looking for a commandline method to update Solaris 9 12/03 to Solaris 9 > 9/05. Something similar to Linux's yum would be nice. > > Suggestions? The closest thing is Li...

Solaris 9 kerberos
hi if someone mentioned Kerberos in solaris 9, can i take it that he meant SEAM? If not, what is the difference between them...thanks ...

Kerberos on Solaris 9
I am trying to get Kerberos running on Solaris 9 and have a few questions: 1) What is the version of Kerberos shipped with Solaris 9? How does one tell what the version is? 2) I have configured my /etc/krb5/krb5.conf and /etc/krb5/kdc.conf files and when I try and create the kerberos database, I get the following message: kdb5_util: No such entry in the database while calling random key for kadmin/ultra.hcl.com@HCL.COM. Yet, my default realm is MONTREAL.HCL.COM and my dns domain is montreal.hcl.com. I am not sure where kdb5_util is getting this information. I have applied the latest cluster patch from Sun and applied relevant patches for kerberos items. What am I missing? TIA Pierre Goyette Hummingbird Ltd. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Pierre Goyette wrote: >I am trying to get Kerberos running on Solaris 9 and have a few >questions: > >1) What is the version of Kerberos shipped with Solaris 9? How does one >tell what the version is? > > Kerberos in Solaris 9 is based on MIT KRB5 1.2.1, but it also has some bug fixes from later versions. > >2) I have configured my /etc/krb5/krb5.conf and /etc/krb5/kdc.conf files >and when I try and create the kerberos database, I get the following >message: > > kdb5_util: No such entry in the database while calling random key for >kadmin/ultra.hcl.com@HCL....

LiveUpgrade older Solaris 9 to newer Solaris 9
We support 70 to 80 Sun systems running various releases of Solaris 9 (e.g. s9_58shwpl3, 12/02, 8/03, 4/04 and 9/04). Does anyone know if we can use LiveUpgrade to upgrade the older releases of Solaris 9 to the 9/04 release? We would like to get all of our systems running the 9/04 release of Solaris 9 and LiveUpgrade appears to be a quick and simple way of making that happen. Does anyone have experience doing this with LiveUpgrade? If LiveUpgrade can be used to do these upgrades, any idea if the use of LiveUpgrade in this manner is fully supported by Sun (i.e. if we run into a problem can ...

RE: Kerberos on Solaris 9
OK, I installed SEAM 1.0.2 on Solaris 9. I notice that it modified my inetd.conf and pam.conf files automatically. Great! Now, when I try and do a plain login (telnet) to the box, I get logged in, I see the "Last login: ..." message and then get automatically logged off. I have the same issue with a kerberized telnet. Any ideas how to figure out what is wrong? TIA Pierre > -----Original Message----- > From: Wyllys Ingersoll [mailto:wyllys.ingersoll@sun.com] > Sent: Thursday, May 20, 2004 2:09 PM > To: Pierre Goyette > Cc: Kerberos@mit.edu > Subject: Re: Kerberos on Solaris 9 > > Pierre Goyette wrote: > > >I am trying to get Kerberos running on Solaris 9 and have a few > >questions: > > > >1) What is the version of Kerberos shipped with Solaris 9? How does one > >tell what the version is? > > > > > > Kerberos in Solaris 9 is based on MIT KRB5 1.2.1, but it also has > some bug fixes from later versions. > > > > >2) I have configured my /etc/krb5/krb5.conf and /etc/krb5/kdc.conf files > >and when I try and create the kerberos database, I get the following > >message: > > > > kdb5_util: No such entry in the database while calling random key for > >kadmin/ultra.hcl.com@HCL.COM. > > > >Yet, my default realm is MONTREAL.HCL.COM and my dns domain is > >montreal.hcl.com. I am not sure where kdb5_util is getting this > >...

Kerberos and Solaris 9 problems
Hey all, I'm trying to configure a Solaris 9 server to authenticate against an Win 2000 ADS server with mixed results and was looking for some insight. So here's the thing; Once logged in, I can run kinit and aquire a ticket: # kinit Password for user_name@REALM.COM: # klist Ticket cache: /tmp/krb5cc_7155 Default principal: user_name@REALM.COM Valid starting Expires Service principal Thu Mar 30 16:14:41 2006 Fri Mar 31 02:14:41 2006 krbtgt/REALM.COM@REALM.COM renew until Thu Apr 06 17:14:41 2006 But, I can not authenticate with PAM to save my life (with any remote client; telnet, ssh, etc). Sshd's PAM entry looks like: sshd auth requisite pam_authtok_get.so.1 sshd auth required pam_dhkeys.so.1 sshd auth required pam_krb5.so.1 use_first_pass debug sshd auth sufficient pam_unix_auth.so.1 The errors I get in /var/adm/messages are: Mar 30 16:19:21 servername sshd[3245]: [ID 537602 auth.error] PAM-KRB5 (auth): krb5_verify_init_creds failed: Decrypt integrity check failed Is there something I am doing wrong? Telnet fails with the same error. Is this an issue with Solaris 9's built in kerb support (I am not using MIT's). If you could help point me in the right direction, I'd be much appreciative. Thanks --Brett > Hey all, > > I'm trying to configure a Solaris 9 server to authentica...

SSH and Kerberos in Solaris 9
Hello I have kerberos working on a Solaris 9 box in the sense that if I type: kinit henrik the system authenticates the password without error. I need to get ssh to accept the kerberos authentication. In Linux it was easy to do, but I am having trouble configuring the Solaris /etc/pam.conf file to make this work. Uncommenting this section: # # Support for Kerberos V5 authentication (uncomment to use Kerberos) # rlogin auth optional pam_krb5.so.1 try_first_pass login auth optional pam_krb5.so.1 try_first_pass other auth optional pam_krb5.so.1 try_first_pass cron account optional pam_krb5.so.1 other account optional pam_krb5.so.1 other session optional pam_krb5.so.1 other password optional pam_krb5.so.1 try_first_pass does not make ssh accept kerberos passwords for ssh logins. As a test I enabled telnet and with telnet things fail as well: login: henrik Password: Enter Kerberos password for henrik: authentication failed: Unknown code 2 On the login prompt the kerberos password is accepted, but then it requests it again and the same password fails. I really am not interested in getting telnet to work, it was just for diagnosis I tried it. Any help would be appreciated. - Henrik What is the rest of the environment? Is this all SEAM? Are your KDCs MIT, Heimdal or Windows ADs? We use the MIT code Kerberos code on Solaris 9, but on Solaris 10 we have been able to use the SOlaris Kerberos support. What version of SSH are you using? henrik wro...

SSH and Kerberos in Solaris 9
Hello I post this in the kerberos newsgroup as well. I have kerberos working on a Solaris 9 box in the sense that if I type: kinit henrik the system authenticates the password without error. I need to get ssh to accept the kerberos authentication. In Linux it was easy to do, but I am having trouble configuring the Solaris /etc/pam.conf file to make this work. Uncommenting this section: # # Support for Kerberos V5 authentication (uncomment to use Kerberos) # rlogin auth optional pam_krb5.so.1 try_first_pass login auth optional pam_krb5.so.1 try_first_pass other auth optional pa...

Which patch cluster: Solaris 9 or Solaris 9 Sun Alert ????
At http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access there are two patch clusters for Solaris 9 (SPARC) 1) Solaris 9 Sun Alert Patch Cluster (127.6M) NAME: Solaris 9 Sun Alert Patch Cluster DATE: 12/24/2004 2) Solaris 9 (133.5M) NAME: Solaris 9 Recommended Patch Cluster DATE: Dec/23/04 Reading the README's for these I can't work out what is the difference between them. I've not checked each patch individually to see what is the latest, but why are there two copies? I must be missing something here. Dave <nospam@nowhere.com> wrote: > Rea...

Kerberos, Solaris 9, mod_auth_kerb
Hey all, I have some questions about kerberos, and more specifically, about mod_auth_kerb and Solaris. My setup is as follows: Solaris 9 Apache (have tested 2.0.48 and 2.0.55) currently: 2.0.55 MIT Kerberos (tested both 1.4.3 and 1.5 ) currently: 1.5 Mod_auth_kerb (tried rc 6 and rc7) currently: rc7 Windows 2003 Active Directory I know for certain that the kerberos environment is set up correctly. Not only can I do a kinit and klist and get that set up, but also the kvno numbers match and the logs on the Active Directory confirm that I have been authenticated. The problem however is that mod_auth_kerb causes apache to segfault whenever the KrbMethodNegotiate is set to on (This happens whether KrbMethodK5Passwd is set to on or off). When KrbMethodNegotiate is set to off, and KrbMethodK5Passwd is set to on (and obviously I provide the correct credentials) it works flawlessly. Normally, I would assume this to be either an apache or a mod_auth_kerb issue, however, I have tested it with multiple version of both and soemthing else leads me to believe it has something to do with mod_auth_kerb and Solaris 9. When we set this up on a Linux Server (Red Hat Enterprise), and use the mod_auth_kerb that has been pre-compiled for Red Hat, it works, both in the KrbMethodNegotiate and KrbMethodV5Passwd. So I know that mod_auth_kerb as a module works, and I know it works with Apache on my Kerberos environment against the Active Directory, but what it doesn't work with is Solaris 9. So my...

Sun Solaris Certification
Dear all: I am wondering what will be the right decision regarding Sun Solaris Certification, should I take Solaris 9 certification or should I go for Solaris 10. As I am quiet new in the Solaris field, question arises in my mind, if I get training on Solaris 10, can I easily work on Solaris 9 or Solaris 8 environment ? If any company works on Solaris 9 boxes, whom he will give preference first, Solaris 9 Admin or Solaris 10 Admin, or it does not matter on Solaris version ? Thanks in advance. Best reagrds zaki <shamim.zaki@gmail.com> wrote in message news:1162158973.912696.111680...

RE: Kerberos on Solaris 9 #2
Laurent, I gave up trying to get Sun's Kerberos working on Solaris 9. I installed the MIT 1.3.3 binaries on my sun box which is an application server. I configured my /etc/krb5.conf, /etc/inetd.conf and my /etc/krb5.keytab file. When I telnet to the sun box, I get logged in automatically (e.g. I see the "Last login: xxx" line appear) and then I get asked for a password again. I know that this is solaris asking for the password again (and not Kerberos). I do not have anything set in /etc/pam.conf and have read that Sun's pam_krb.so.1 is not compatible with MIT Kerberos. What do I need to do to pam to get this working properly? TIA Pierre -----Original Message----- From: kerberos-bounces@MIT.EDU [mailto:kerberos-bounces@MIT.EDU] On Behalf Of Laurent Bailly Sent: Saturday, May 29, 2004 4:52 AM To: kerberos@MIT.EDU Subject: Re: Kerberos on Solaris 9 Hi, All depends on your pam.conf configuration. To troubleshoot : - First, try to put some order in your pam.conf (login section then telnet, ... other ) It will help to modify pam during tests. - Add entries syslog.conf for auth.debug and *.debug. - Then put pam in debug mode (touch /etc/pam_debug) - Tail the kdc.log - You can also install ethereal to monitor package exchange. => It helps me to fine tune pam.conf. LBA -- <laurent.bailly@swing.be> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerber...

SOLARIS 9 MIT KERBEROS SSH
Hi all, I'm experiencing some problem on kerberizing ssh on Solaris 9 with MIT Kerberos, I have the following setting: 1. Sun Solaris 5.9 2. MIT Kerberos KDC 1.6.3 ( I use just the kdc from the MIT Kerberos) 3. On Kerberos client side I used the one from Solaris from the following packet: SUNWkrbu 4. Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f This is my pam.conf: # PAM configuration # # Customized to try pam_unix, then pam_krb5 # # Unless explicitly defined, all services use the modules # defined in the "other" section. # # Modules are defined with relative pa...

Kerberos MIT SSH Solaris 9
Hi all, I'm experiencing some problem on kerberizing ssh on Solaris 9 with MIT Kerberos, I have the following setting: 1. Sun Solaris 5.9 2. MIT Kerberos KDC 1.6.3 ( I use just the kdc from the MIT Kerberos) 3. On Kerberos client side I used the one from Solaris from the following packet: SUNWkrbu 4. Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f This is my pam.conf: # PAM configuration # # Customized to try pam_unix, then pam_krb5 # # Unless explicitly defined, all services use the modules # defined in the "other" section. # # Modules are defined with relative pathnames, i.e., they are # relative to /usr/lib/security/$ISA. Absolute path names, as # present in this file in previous releases are still acceptable. # # Authentication # # passwd command (explicit because of a different authentication module) # passwd auth required pam_passwd_auth.so.1 # # Default definition for Authentication management # Used when service name is not explicitly mentioned for authentication # management # other auth requisite pam_authtok_get.so.1 other auth sufficient pam_unix_auth.so.1 other auth required pam_krb5.so.1 use_first_pass debug # # Account # # cron service (explicit because of non-usage of pam_roles.so.1) # cron account required pam_projects.so.1 cron account required pam_unix_account.so.1 # See notes about pam_krb5 in "other" section below cron account optional pam_krb...

solaris 9 AND solaris 10
hi *, Can <subject> be installed together on one sparc ultra 5? rthanks for any help. Yes. On two disks, easily. On one disk it's more involved, but IIRC is do-able, providing you slice things up properly and don't try to do things like share /, /usr etc. Alternatively, investigate LiveUpgrade which makes the whole process a lot easier. -Mark ...

LDAP authentication Solaris 8-9 SunOne
Hi, I want to centralize our useraccounts to a ldap-server. Therefore i want to use the SunOne (iPlanet) Directory Server (inkl. license). Is there anywhere a good documentation? i need information on: -> installation / configuration -> redudancy ldap server (synchronisation) -> PAM-authentication? -> secure communication solaris --> LDAP -> LDAP schema for Solaris? thanks in advance, mike Perhaps a little OT but... having done something similar recently, we found this combination a lot easier to live with... http://www.openldap.org/ (...replication was almost trivi...

Authentication problems using Telnet on Solaris 9
I'm trying to authenticate to our W2K domain controllers from my UNIX box running Sun's kerberos distribution (SEAM) on a Solaris 9 box. When I try lo login using my domain logon, I get the following error authentication failed: Unknown code 2 in /var/adm/messages the following message is also logged Sep 3 13:38:03 smithwe1-unix login: [ID 537602 auth.error] PAM-KRB5 (auth): krb5_verify_init_creds failed: Unknown code 2 I've done some searching and found some info indicating possible problems like this on Solaris 9 but so far no resolution. FWIW, when I run kinit, I can authenticate to the domain controllers with no problems. Any idea on what the problem(s) may be? Thanks, Bill Bill, You need a valid keytab to use pam_krb5 or set verify_ap_req_nofail = false. See http://docs.sun.com/db/doc/816-5175/6mbba7f1m?a=view "pam_sm_authenticate() authenticates a user principal through the Kerberos authentication service. If the authentication request is successful, the authentication service sends a ticket-granting ticket (TGT) back to the service module, which then verifies that the TGT came from a valid Key Distribution Center (KDC) by attempting to get a service ticket for the local host service. For this to succeed, the local host's keytab file (/etc/krb5/krb5.keytab) must contain the entry for the local host service. For example, in the file host/hostname.com@REALM, hostname.com is the fully qualified local hostname and REALM is ...

Authenticate to windows domain using uniobjects on solaris 9
I set up kerberos authentication and modified pam.conf to authenticate logins to the windows domain succesfully. My problem though is to get uniobjects to authenticate against the windows domain. Please could someone help? Thank you Justus ...

How do _you_ integrate Kerberos and Solaris 8/9/10?
I'm a bit curious about how _you_ folks do your Kerberos/SecureNFS/SSH integration into your Solaris 8/9/10 systems? Here's my conclusions so far (which might be wrong, please let me know if that's the case!): Solaris 10: The built-in Kerberos/SecureNFS/SSH works just fine except for a few minor nitpicks - SSH stores any forwarded kerberos credentials into /tmp/krb5cc_$uid and thus never removes them when you log out. I also noticed that it (sometimes?) doesn't even removes/replaces a timed-out ticket when you login again - causing problems with NFS (no $HOME until you eithe...

HELP !! SSH Authentication Problem at a Solaris 9 server
We have installed the following "ssh" binary successfully at all of our Sun Solaris 2.8 and 9 servers. PKGINST: SSHssh2 NAME: SSH Tectia(tm) Server VERSION: 4.1.0.34 All work OK except atlanta, our Solaris 9 server. We are getting the following authentication failed message and can't ssh to it at all : $ ssh atlanta warning: Authentication failed. Disconnected (local); no more authentication methods available (No further authentication methods available.). In atlanta server, we have the following processes running : root 736 1 0 Aug 22 0:00 /usr/local/sbin/sshd2 root 679 1 0 Aug 22 0:00 /usr/local/sbin/ssh-certd All Solaris 9 OpenSSH packages (SUNWsshcu, SUNWsshdr, SUNWsshdu, SUNWsshr, SUNWsshu) have been removed from atlanta. Any idea how I could trouble-shoot and resolve the problem at atlanta ?? Thanks in advance for your help, Bill underh20 wrote: > We have installed the following "ssh" binary successfully at all of our > Sun Solaris 2.8 and 9 servers. > > PKGINST: SSHssh2 > NAME: SSH Tectia(tm) Server > VERSION: 4.1.0.34 > > All work OK except atlanta, our Solaris 9 server. We are getting the > following authentication failed message and can't ssh to it at all : > > $ ssh atlanta > > warning: Authentication failed. > Disconnected (local); no more authentication methods available (No > further authentication methods available.). >...

HELP !! SSH Authentication Problem at a Solaris 9 server
We have installed the following "ssh" binary successfully at all of our Sun Solaris 2.8 and 9 servers. PKGINST: SSHssh2 NAME: SSH Tectia(tm) Server VERSION: 4.1.0.34 All work OK except atlanta, our Solaris 9 server. We are getting the following authentication failed message and can't ssh to it at all : $ ssh atlanta warning: Authentication failed. Disconnected (local); no more authentication methods available (No further authentication methods available.). In atlanta server, we have the following processes running : root 736 1 0 Aug 22 0:00 /usr/local/sbin/sshd2 root 679 1 0 Aug 22 0:00 /usr/local/sbin/ssh-certd All Solaris 9 OpenSSH packages (SUNWsshcu, SUNWsshdr, SUNWsshdu, SUNWsshr, SUNWsshu) have been removed from atlanta. Any idea how I could trouble-shoot and resolved this issue ?? Thanks in advance for your help, Bill http://www.snailbook.com/faq/general-debugging.auto.html -- Richard Silverman res@qoxp.net ...

Web resources about - Solaris 9 Authentication - comp.protocols.kerberos

Authentication - Wikipedia, the free encyclopedia
Authentication (from Greek : αὐθεντικός authentikos , "real, genuine," from αὐθέντης authentes , "author") is the act of confirming the truth ...

New Tools to Optimize App Authentication
At f8, we announced a redesigned Auth Dialog and a new authentication flow to give developers more control over people’s first experience with ...

Facebook Tells Some Developers They Have 48 Hours to Fix Authentication Data Leaks
... sent an email to what it calls a “very small percentage of the developer community” informing them their apps are suspected of leaking authentication ...

Lockdown - A better two-factor authentication experience on the App Store on iTunes
Get Lockdown - A better two-factor authentication experience on the App Store. See screenshots and ratings, and read customer reviews.


Sony Authentication Power Outlet Recognizes Users and Devices #DigInfo - YouTube
Sony Authentication Power Outlet Recognizes Users and Devices DigInfo TV - http://diginfo.tv 9/3/2012 NFC & Smart WORLD 2012 Sony Authentication ...

SafeNet brings Cloud-based authentication service to A/NZ
SafeNet has released its new Cloud-based authentication service, billed as Authentication-as-a-Service, in A/NZ.

Online account security: lazy authentication is still the norm
Even in the high-tech world of 2016, crims will be able to side-step your account security by making a phone call and saying they're you.

Digital authentication to become Google's next big focus
Streamlining the website login process a top priority, according to the company’s Australian business and consumer services manager Dan Metcalf. ...

ATO boosts service access via app and voice authentication
The ATO has announced it will extend its voice authentication system to its mobile app

Resources last updated: 3/10/2016 2:38:53 PM