SSH and Kerberos in Solaris 9

  • Permalink
  • submit to reddit
  • Email
  • Follow


    Hello
I post this in the kerberos newsgroup as well. I have kerberos working
on a Solaris 9 box in the sense that if I type:

   kinit henrik

the system authenticates the password without error. I need to get ssh
to accept the kerberos authentication. In Linux it was easy to do, but
I am having trouble configuring the Solaris /etc/pam.conf file to make
this work. Uncommenting this section:

#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
rlogin		auth optional		pam_krb5.so.1 try_first_pass
login		auth optional		pam_krb5.so.1 try_first_pass
other		auth optional		pam_krb5.so.1 try_first_pass
cron		account optional 	pam_krb5.so.1
other		account optional 	pam_krb5.so.1
other		session optional 	pam_krb5.so.1
other		password optional 	pam_krb5.so.1 try_first_pass

does not make ssh accept kerberos passwords for ssh logins. As a test I
enabled telnet and with telnet things fail as well:

login: henrik
Password:
Enter Kerberos password for henrik:
authentication failed:  Unknown code 2

On the login prompt the kerberos password is accepted, but then it
requests it again and the same password fails. I really am not
interested in getting telnet to work, it was just for diagnosis I tried
it.

Any help would be appreciated.
  
    - Henrik

0
Reply henrik11 (4) 10/26/2005 4:07:42 PM

See related articles to this posting

comp.unix.solaris 25802 articles. 88 followers. Post

0 Replies
222 Views

Similar Articles

[PageSpeed] 15


Reply:

Similar Artilces:

Kerberos MIT SSH Solaris 9
Hi all, I'm experiencing some problem on kerberizing ssh on Solaris 9 with MIT Kerberos, I have the following setting: 1. Sun Solaris 5.9 2. MIT Kerberos KDC 1.6.3 ( I use just the kdc from the MIT Kerberos) 3. On Kerberos client side I used the one from Solaris from the following packet: SUNWkrbu 4. Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f This is my pam.conf: # PAM configuration # # Customized to try pam_unix, then pam_krb5 # # Unless explicitly defined, all services use the modules # defined in the "other" section. # # Modules are defined with relative pa...

SOLARIS 9 MIT KERBEROS SSH
Hi all, I'm experiencing some problem on kerberizing ssh on Solaris 9 with MIT Kerberos, I have the following setting: 1. Sun Solaris 5.9 2. MIT Kerberos KDC 1.6.3 ( I use just the kdc from the MIT Kerberos) 3. On Kerberos client side I used the one from Solaris from the following packet: SUNWkrbu 4. Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f This is my pam.conf: # PAM configuration # # Customized to try pam_unix, then pam_krb5 # # Unless explicitly defined, all services use the modules # defined in the "other" section. # # Modules are defined with relative pa...

Authenticating via Kerberos in SSH on Solaris 9
Greetings All, I have been making good progress in getting Kerberos to work on Solaris 9 and Windows AD. I have it working very well from the console. Problems arise when I use SSH. I have my pam.conf configured as follows for SSH which is identical to login sshd auth sufficient pam_unix_auth.so.1 sshd auth required pam_krb5.so.1 try_first_pass debug When I connect to SSH it does an initial call to the DC before I even enter my password, like so Jan 4 10:03:48 snoopy sshd[19516]: [ID 655841 local6.debug] PAM-KRB5 (auth): pam_sm_authenticate flags=1 Jan 4 10:...

ssh question on Solaris 9/SunOS 5.9
I am running OpenSSH on my Sparc Solaris 8 host and on my Sparc Solaris 9 have decided to go witht the Sun install ssh. Trying to get away from as many thrid party software. If I ssh from one Solaris 8 host to another Solaris 8 host my DISPLAY get passed to the remote host. If I ssh from a Solaris 8 host to a Solaris 9 host, running the Sun ssh, I do not get my DISPLAY passed to the remote host. I looked in the ssh man page on the Solaris 9 host about and have tried setting up the ssh config files but it still does not work. Question: Is it better to stay with OpenSSH? If not can someone p...

Updating Solaris 9 12/03 to Solaris 9 9/05
I have looked at SunSolve and found the following: http://www.sun.com/service/sunupdate/hosted/#system "Sun Update Connection - System is currently available for Solaris 10 systems only." I'm looking for a commandline method to update Solaris 9 12/03 to Solaris 9 9/05. Something similar to Linux's yum would be nice. Suggestions? Thanks, John On Thu, 16 Nov 2006, John wrote: > I'm looking for a commandline method to update Solaris 9 12/03 to Solaris 9 > 9/05. Something similar to Linux's yum would be nice. > > Suggestions? The closest thing is Li...

Solaris 9 ssh
can somebody let me know what package sun uses for ssl (i.e run pkginfo | grep ssl and let me know what then output is) On Sat, 28 May 2005 19:54:09 -0600, Tod Glenn wrote: > can somebody let me know what package sun uses for ssl > > (i.e run pkginfo | grep ssl and let me know what then output is) It's null. Sun did not use libssl for its ssh or sshd. [ssh]$ ldd sshd libsocket.so.1 => /usr/lib/libsocket.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libz.so.1 => /usr/lib/libz.so.1 libpam.so.1 => /usr/lib/libpam.so.1 ...

SSH on Solaris 9
Is there any particular reason to use the SSH package (and packages it requires)from the sunfreeware site, rather than use the SSH which is supplied with Solaris 9? Some older postings report problems with the version shipped with Solaris 9 which were solved by installing the packages from sunfreeware. Also if I wanted to install the sunfreeware packages would I have to remove the existing ssh packages first? Thanks. On 4 Aug 2004 02:57:51 -0700 cbdeja@my-deja.com (-) wrote: > Also if I wanted to install the sunfreeware packages would I have to > remove the existing ssh packages fir...

Solaris 9 kerberos
hi if someone mentioned Kerberos in solaris 9, can i take it that he meant SEAM? If not, what is the difference between them...thanks ...

ssh to solaris 9
i have run into a problem i can't seem to find the answer to. i can't ssh into a newly installed solaris 9 box. i get a couple of connection closed messages however looking at /var/adm/messages shows that i authenticated in, but for whatever reason the connection closes on me. i know this is an easy one for someone. someone know what i need to do to fix this?... "Ron!" <anemail@spam.net> writes: > i have run into a problem i can't seem to find the answer to. > > i can't ssh into a newly installed solaris 9 box. i get a couple of > connection...

Kerberos on Solaris 9
I am trying to get Kerberos running on Solaris 9 and have a few questions: 1) What is the version of Kerberos shipped with Solaris 9? How does one tell what the version is? 2) I have configured my /etc/krb5/krb5.conf and /etc/krb5/kdc.conf files and when I try and create the kerberos database, I get the following message: kdb5_util: No such entry in the database while calling random key for kadmin/ultra.hcl.com@HCL.COM. Yet, my default realm is MONTREAL.HCL.COM and my dns domain is montreal.hcl.com. I am not sure where kdb5_util is getting this information. I have applied the latest...

Can you install Solaris 9 into a Solaris 9 container?
I found a lot of documentation about installing a Solaris 9 flar into a Solaris 9 container. Can you install Solaris 9 from media into a container? B. On 04/18/11 11:44 AM, Bartholomew wrote: > I found a lot of documentation about installing a Solaris 9 flar into a > Solaris 9 container. Can you install Solaris 9 from media into a container? I don't think so. AFAIR it works only with a flar or ufsdump. On 2011-04-18 17:04:28 +0100, Oscar del Rio said: > On 04/18/11 11:44 AM, Bartholomew wrote: >> I found a lot of documentation about installing a Solaris 9 flar into a ...

LiveUpgrade older Solaris 9 to newer Solaris 9
We support 70 to 80 Sun systems running various releases of Solaris 9 (e.g. s9_58shwpl3, 12/02, 8/03, 4/04 and 9/04). Does anyone know if we can use LiveUpgrade to upgrade the older releases of Solaris 9 to the 9/04 release? We would like to get all of our systems running the 9/04 release of Solaris 9 and LiveUpgrade appears to be a quick and simple way of making that happen. Does anyone have experience doing this with LiveUpgrade? If LiveUpgrade can be used to do these upgrades, any idea if the use of LiveUpgrade in this manner is fully supported by Sun (i.e. if we run into a problem can ...

Which patch cluster: Solaris 9 or Solaris 9 Sun Alert ????
At http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access there are two patch clusters for Solaris 9 (SPARC) 1) Solaris 9 Sun Alert Patch Cluster (127.6M) NAME: Solaris 9 Sun Alert Patch Cluster DATE: 12/24/2004 2) Solaris 9 (133.5M) NAME: Solaris 9 Recommended Patch Cluster DATE: Dec/23/04 Reading the README's for these I can't work out what is the difference between them. I've not checked each patch individually to see what is the latest, but why are there two copies? I must be missing something here. Dave <nospam@nowhere.com> wrote: > Rea...

Solaris 9 LDAP and Kerberos
Does anyone know that packages that have to be added to get LDAP and Kerberos (assuming they were not installed when the server was built). wayne ...

SSH on Solaris 9 #2
Just wonder when install solaris 9, if not choose install entire distribution, will it install ssh package? If the current installed solaris 9 doesn't include SSH package and there is no random devices been configured, can just add the SSH package? and will those SSH packages create random devices? Thanks! bridge_xue@yahoo.com (Bridge) writes: >Just wonder when install solaris 9, if not choose install entire >distribution, will it install ssh package? >If the current installed solaris 9 doesn't include SSH package and >there is no random devices been configured, can ju...

SSH to E3500 Solaris 9
Hi everyone, I've successfully installed Solaris 9 on an e3500 however I can't ssh into the machine. It prompts for the password [root password] for the e3500 box but it rejects it with a permission denied message. Any ideas would be appreciated. THX Michael Thanks Michaelp ++++++++++++++++++++++++++++++++ No free torches, you must also provide the correct answer! +++++++++++++++++++++++++++++++++ METP <metp@rogers.com> writes: > Hi everyone, > > I've successfully installed Solaris 9 on an e3500 however I can't ssh > into the machine. It prompts for th...

SSH Problem on Solaris 9
Hi I have a fresh install of Solaris9 and have enabled the root user to login using ssh. My problem is if I change the root user's shell from sh to bash, I'm denied login using ssh unless I change it back to sh. I would like to use the bash shell when using ssh. Have I missed something here ? Thanks Craig On 2006-12-20 10:02:27 +0000, "Craig Mann" <craig.mann@ardentia.co.uk> said: > Hi > > I have a fresh install of Solaris9 and have enabled the root user to > login using ssh. My problem is if I change the root user's shell from > sh to...

Chrooting SSH on Solaris 9
Dear All, I have a problem trying to setup a chrooted SSH server on Solaris 9 using Sun SSH version 1.0. I trussed the sshd and have copied basically most libs in /usr/lib and /usr/lib/security to my jail in order to get this working but it is unable to authenticate the user: <snip from sshd -ddd output> $ /usr/sbin/chroot/ /u01/chroot-sftp /usr/lib/ssh/sshd -ddd debug3: cipher ok: aes128-cbc [aes128-cbc,blowfish-cbc,3des-cbc] debug3: cipher ok: blowfish-cbc [aes128-cbc,blowfish-cbc,3des-cbc] debug3: cipher ok: 3des-cbc [aes128-cbc,blowfish-cbc,3des-cbc] debug3: ciphers ok: [aes128-cb...

Kerberos and Solaris 9 problems
Hey all, I'm trying to configure a Solaris 9 server to authenticate against an Win 2000 ADS server with mixed results and was looking for some insight. So here's the thing; Once logged in, I can run kinit and aquire a ticket: # kinit Password for user_name@REALM.COM: # klist Ticket cache: /tmp/krb5cc_7155 Default principal: user_name@REALM.COM Valid starting Expires Service principal Thu Mar 30 16:14:41 2006 Fri Mar 31 02:14:41 2006 krbtgt/REALM.COM@REALM.COM renew until Thu Apr 06 17:14:41 2006 But, I can no...

RE: Kerberos on Solaris 9
OK, I installed SEAM 1.0.2 on Solaris 9. I notice that it modified my inetd.conf and pam.conf files automatically. Great! Now, when I try and do a plain login (telnet) to the box, I get logged in, I see the "Last login: ..." message and then get automatically logged off. I have the same issue with a kerberized telnet. Any ideas how to figure out what is wrong? TIA Pierre > -----Original Message----- > From: Wyllys Ingersoll [mailto:wyllys.ingersoll@sun.com] > Sent: Thursday, May 20, 2004 2:09 PM > To: Pierre Goyette > Cc: Kerberos@mit.edu > Subject: Re: Kerber...

Kerberos, Solaris 9, mod_auth_kerb
Hey all, I have some questions about kerberos, and more specifically, about mod_auth_kerb and Solaris. My setup is as follows: Solaris 9 Apache (have tested 2.0.48 and 2.0.55) currently: 2.0.55 MIT Kerberos (tested both 1.4.3 and 1.5 ) currently: 1.5 Mod_auth_kerb (tried rc 6 and rc7) currently: rc7 Windows 2003 Active Directory I know for certain that the kerberos environment is set up correctly. Not only can I do a kinit and klist and get that set up, but also the kvno numbers match and the logs on the Active Directory confirm that I have been authenticated. The problem however is that mod...

Sun Solaris Certification
Dear all: I am wondering what will be the right decision regarding Sun Solaris Certification, should I take Solaris 9 certification or should I go for Solaris 10. As I am quiet new in the Solaris field, question arises in my mind, if I get training on Solaris 10, can I easily work on Solaris 9 or Solaris 8 environment ? If any company works on Solaris 9 boxes, whom he will give preference first, Solaris 9 Admin or Solaris 10 Admin, or it does not matter on Solaris version ? Thanks in advance. Best reagrds zaki <shamim.zaki@gmail.com> wrote in message news:1162158973.912696.111680...

Solaris 9 SSH as root question
Running S9 (9/04) with 117171-17 kernel patch installed. I want to set up SSH so that, as root, I can ssh without password between two specific machines. S9 installs automatically it appears with DSA and RSA keys in /etc/ssh for root. Here's what I did: o changed /etc/ssh/sshd_config PermitRootLogin to yes (did not change anything else) o copied each machine's /etc/ssh/ssh_host_rsa_key.pub to the other machine's /.ssh/authorized_keys o re-started SSH on both sides I'm only able to ssh to the other side if the password is supplied. What am I missing? Thanks, T...