SSH and Kerberos in Solaris 9

I post this in the kerberos newsgroup as well. I have kerberos working
on a Solaris 9 box in the sense that if I type:

   kinit henrik

the system authenticates the password without error. I need to get ssh
to accept the kerberos authentication. In Linux it was easy to do, but
I am having trouble configuring the Solaris /etc/pam.conf file to make
this work. Uncommenting this section:

# Support for Kerberos V5 authentication (uncomment to use Kerberos)
rlogin		auth optional try_first_pass
login		auth optional try_first_pass
other		auth optional try_first_pass
cron		account optional
other		account optional
other		session optional
other		password optional try_first_pass

does not make ssh accept kerberos passwords for ssh logins. As a test I
enabled telnet and with telnet things fail as well:

login: henrik
Enter Kerberos password for henrik:
authentication failed:  Unknown code 2

On the login prompt the kerberos password is accepted, but then it
requests it again and the same password fails. I really am not
interested in getting telnet to work, it was just for diagnosis I tried

Any help would be appreciated.
    - Henrik

henrik11 (4)
10/26/2005 4:07:42 PM
comp.unix.solaris 25928 articles. 0 followers. Post Follow

0 Replies

Similar Articles

[PageSpeed] 57
Similar artilces about - SSH and Kerberos in Solaris 9:

ssh log
i have an ssh server setup on my linux box server, i have several different users that connect to it. Is there any log file that logs the activity of that user, such as what they download or upload via the sftp-server? ...

Debugging 9 apps on X using Metronub Remote in Classic
Hi, I've seen some old posts on this but haven't heard an update for CW 9. I'm under panther with CW 9. Has anyone been able to use metronub remote to debug an app under classic, while running CW 9 under X? It'd save me undescribable amounts of time, and would make a friend of mine stop hating developing on the mac. So far, I've been able to get Metronub remote running fine under classic, but there seems to be a simple communications problem between it and CW. Perhaps I just can't set up the networking properly? Can Classic apps bind ports for incomin...

Solaris 11 on Mac w/ VirtualBox
Is it possible, and how would I configure it, to have a Solaris 11 VM be accessible to my whole LAN by an IP address that is not on the same subnet as the router? I suppose the router would block it, though, in that case. Unless I specify on other devices that the Mac host is the gateway and not the router? -- Wes Groleau Free speech has its limits It failed. Same error message and stack trace as shown at <> but I didn't have any other partitions. I had accepted the...

Unable to find ssh library supporting python 3.1
--001a11c12a5816499704ff67be1c Content-Type: text/plain; charset=UTF-8 Hi, Could you suggest me ssh library supporting python 3.1, to a surprise I checked pramiko, fabric, etc etc and no one does. even workaround with plumbum but not helpful. We have a project entirely on python 3.1 and now we are stuck with ssh. Please help Thank you ~Chi --001a11c12a5816499704ff67be1c Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div>Hi, </div> <div>=C2=A0</div> <div>Could you suggest me ssh library supporting pyth...

Facts about Bilk's 9-11 fictions he does not want people to know #4
Updated summary of reasons why Bilk's claims about 9-11 are insane: * Bilk claims that there was a video showing rebar coated with something which is assumed to be explosives (but Bilk does not say how anyone knows this). The only "evidence" he offers is the welders had to have some sort of special security clearance - but how would even this be seen on a video? He never explains that either - nor what the clearance was or who authorized it. Anyway, Bilk says the video was held for many years, then shown on a government owned TV network only to magically d...

Using SSH and get GUI interface
Hi all, It sem possible to connect to the server by using SSH and get GUI interface (X-Windows) on the client to manage application like java or tool like admintool installed on the server. I use Putty under windows and my server use OpenSSH under Solaris. Can you give us more informations and how it's possible to do it ? Thank You very much Best Regards Rahan Rahan wrote: > It sem possible to connect to the server by using SSH and get GUI > interface (X-Windows) on the client to manage application like java or > tool like admintool installed on the server. > > I u...

GTK and GTK 2 Font Settings without running GNOME on Redhat 9
Redhat 9 low bloat setup: ICEwm window manager and rox file manager. How do I change GTK 1 font settings for gimp, galeon, mozilla etc (when running and not running gnome)? How do I get font preference settings in Gnome 2 i.e. GTK 2 apps (including rox) to take affect when not running a gnome session - they don't change until I run the font settings gnome applet (then they all change)- which I assume runs some kind of theme setter in the background? On Sun, 20 Jul 2003 05:32:16 -0700, Tim Milstead wrote: > Redhat 9 low bloat setup: ICEwm window manager and rox file manag...

Solaris jumpstart Issue
I have a quick question on the jumpstart process as it relates to Solaris. I recently jumped a machine and for some reason the system chose one of the SAN devices to build off rather than the local disk. I used the rootdisk.s0 enrty in our profiles and the root disk was set in the boot-device entry on the machine. My understanding from the chart below that I pulled off sundocs is that the device should have been identified via kernel probe order (item 4). What is kernel probe order? I assume this is probe-scsi and probe-scsi-all. However, I am not sure and any insight would be appreciated...

Re: Missing Portions Of a Character Date #9
Robert, Howard pointed out, offline, that my modification of his code still didn't properly address all of the test records. I think that the following correctly addresses each test case, but I'm sure it could be simplified: data have; input chardate : $10.; cards; 1995-04-27 1995-04-- 1995--27 --04-27 --4-- ----27 ; data want; infile cards dsd dlm='-'; if _n_=1 then input @@; set have; chardate=tranwrd(chardate,'--','-.-'); if substr(chardate,1,1) eq '-' then chardate=substr(chardate,2); chardate=tranwrd(chardate,'--',...

Java SSH Term and SSH vnc Term available at my website!
I would like to announce that I am running SSHvnc and SSH Tools Applets on my website devoted to computer security, forensics, and investigations. Visit: Check out the ultimate cybercop / cyberguardian resource! Thanks, Ernie Baca ...

ssh with no homedir
hello is it possible to use sshd only for forwarding, and without homedirs on sshd server host thanks sylvain Sylvain Ferriol wrote: > hello > is it possible to use sshd only for forwarding, and without homedirs on > sshd server host Just give the user /bin/false as shell. He can still use ssh -N -L localport:host.on.intranet:port To make a tunnel. ...

hallo newsgroup, i am newbie in aix, what are the exact! steps to get a connection from internet trhough ssh / ssl to a aix machine? what exactly have i to install where and what to know? i have a laptop running cygwin and able to connect via ssh to a suse machine .... bernd ...

shell ssh over a ssh tunnel
hello i have a ssh tunnel available between internet/intranet network. but i can not login the gateway. only forward is available. how can i open a shell on a sshd server inside intranet throw the ssh gateway. ssh -N -L 22:sshd_intranet:22 sshd_gateway it do not work, ssh localhost returns: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle att...

Re: why does this proc print keep running? #9
I don't think that it is a permission issue. That has nothing to do with writing to SASUSER, because PROC PRINT does nothing like that. Also the report seems to be produced, only the PROC "hangs" in memory. Don't know what a parallel desktop is and how it is handled. Are there some things shared? I can only imagine that it is a issue of locking, if some ressources are shared by the parallel desktops. (Sounds like a kind of virtual machine?) What about memory for example? How much memory each desktop gets? Gerhard On Tue, 17 Mar 2009 09:13:36 -0700, Huong Halpin <huon...

Fun in the Sun with Solaris 9
Here is a summary of some fun I've recently had with Sun and a new V880. I got the machine and put a Sun Ultra-3 card in it attached to a SDLT 320 Sun drive - I wanted fast backups as it contained 6 x 72Gb drives. As the internal drives are not hardware RAID-5 and I wanted resilience, I decided to go for Solaris 9's Disksuite aka Sun Volume Manager and would mirror the disks. Even though they are on the same controller, this would at least help with disk failures. All fine so far - installed Solaris 9, latest patches etc, then configured DiskSuite to mirror root and the other disks....

incoming ssh from two gateways
I have a site with 2 gateways to internet - say and 51 - currently sco openserver 5.07 box uses only the 50. i ssh in from outside to it and go to the sco box just fine. the router uses nat, port forwarding for a variety of functions. i wanted to use the 2nd gateway as well, for now just for other ssh access. i setup the (identical) router ok (i have other nat/port forwarding's working fine), but sco 5.07 box will not communicate back. i am thinking because it will only respond to outside through the 50 gateway. am i correct? if this is the case, what are my options...

US-MI-Auburn Hills: Sun Solaris Eng., UNIX, Sun Solaris; 3M (45335632405)
US-MI-Auburn Hills: Sun Solaris Eng., UNIX, Sun Solaris; 3M (45335632405) ========================================================================= Position: Sun Solaris Eng. Reference: SMC01873 Location: Auburn Hills MI Duration: 3M Skills: UNIX Sun Solaris Scope: Being able to develop and consolidation books for Sun Solaris servers in DCX Please send your current resume in confidence to <> ..45335632405. ...

Please help with ssh over internet to LAN server behind NAT
I wish to ssh in in from the Internet to a specific server computer on my private LAN but I'm having trouble setting that up. Specifically I want to invoke ssh with ssh When I do this the ssh "transaction" does not complete, although I can see with tcpdump that the server is getting something. The server and other computers on the LAN are behind a NAT. I have been testing with both computers actually on the LAN but my next series of tests will be from a client on a modem connection to better simulate real world conditions. The Linux OS is Slackware 10.1 ...

ssh connection
I need to execute commands on a server through a ssh connection, username and password required. I do I setup this connection using matlab and then how do I execute my commands? Anything will help Sebastian ...

Sidebar in Adobe Reader 9.2.0?
Although I used to download pdf documents using Safari, I preferred saving those documents and then using Adobe Reader to read them. Now I find that Preview can open those documents and display page thumbnails in a sidebar. On the other hand, I no longer seem to be able to display thumbnails using Adobe Reader. I cannot find a Reader preference item covering sidebars or a Reader help item on this subject. Am I missing something? Bill -- An old man would be better off never having been born. In article <>, Salmon ...

Ports for DB2 behind firewall / ssh port forward
hi newsgroup, I'd like to connect to a remote DB2 Database V 8.2 using the "DB2 Steuerzentrale" (I guess it's called something like "DB2 management console" in the English version). Since the database host is behind a firewall I tried to communicate through ssh port forwarding. Therefore, I run: ssh -L 6789:remotename:6789 -L 50000:remotename:50000 -L 50001:remotename:50001 -L 523:remotename:523 remotename Though the ssh connection is established, my "DB2 Steuerzentrale" won't connect to localhost successfully and shows an error num...

BIND 9.9.0 is now available
Introduction BIND 9.9.0 is the first production release of BIND 9.9. This document summarizes changes from BIND 9.8 to BIND 9.9. Please see the CHANGES file in the source code release for a complete list of all changes. Download The latest versions of BIND 9 software can always be found on our web site at There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems. Support Product support information is available on http:/...

Re: OT: Which is your favorite? #9
Denys, Thank you for a reply that is well-stated, polite, and thought-provoking. = =20 =20 One of the mistakes that is most often made by non-experts who engage in th= e AGW debate is to confuse weather and climate. If we have an unusually wa= rm summer, people want to attribute it to AGW, and if we have a severe wint= er, others say that disproves AGW. The fact it that weather is always and = has always been variable, and only long-term trends matter when talking abo= ut climate change. The .75 degree drop in global average temperature that = you mentioned, if true and if it cont...

SSH doesnt work!
Hey all, I noticed that ssh doesnt work on my solaris 8 box, when I checked inetd.conf I saw 2 lines for shell uncommented (I am not sure if they are related to ssh) anyway how can enable it again? also I am going to disable Rlogin, but I can not see any entry for that in inetd.conf , how can I disable that? Thanks in advance for any help. Rob Rob wrote: > Hey all, > I noticed that ssh doesnt work on my solaris 8 box, when I checked > inetd.conf I saw 2 lines for shell uncommented (I am not sure if they are > related to ssh) anyway how can enable it again? also I am going to di...

SSH tunnel for simplifying connection to a host by skipping an intermediate machine
Hi! This is my problem: I'm working on pc A and I can connect via ssh to pc B; pc B can connect to pc C via ssh; I cannot connect to pc C directly from pc A. Now I'd like to become able to do that (i.e. to connect pc A directly to pc C via ssh) by means of ssh tunnelling (port forwarding). If that's not possibile, please stop me now. If not, I can tell that so far I think I've been able to setup the ssh tunnel between pc B and C. Now I'd expect to start a ssh connection from pc A to pc B on a specific port and be automatically forwarded to pc C as if I had connected to it d...