SSH and Kerberos in Solaris 9

  • Permalink
  • submit to reddit
  • Email
  • Follow


    Hello
I post this in the kerberos newsgroup as well. I have kerberos working
on a Solaris 9 box in the sense that if I type:

   kinit henrik

the system authenticates the password without error. I need to get ssh
to accept the kerberos authentication. In Linux it was easy to do, but
I am having trouble configuring the Solaris /etc/pam.conf file to make
this work. Uncommenting this section:

#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
rlogin		auth optional		pam_krb5.so.1 try_first_pass
login		auth optional		pam_krb5.so.1 try_first_pass
other		auth optional		pam_krb5.so.1 try_first_pass
cron		account optional 	pam_krb5.so.1
other		account optional 	pam_krb5.so.1
other		session optional 	pam_krb5.so.1
other		password optional 	pam_krb5.so.1 try_first_pass

does not make ssh accept kerberos passwords for ssh logins. As a test I
enabled telnet and with telnet things fail as well:

login: henrik
Password:
Enter Kerberos password for henrik:
authentication failed:  Unknown code 2

On the login prompt the kerberos password is accepted, but then it
requests it again and the same password fails. I really am not
interested in getting telnet to work, it was just for diagnosis I tried
it.

Any help would be appreciated.
  
    - Henrik

0
Reply henrik11 (4) 10/26/2005 4:07:42 PM

See related articles to this posting

comp.unix.solaris 25789 articles. 87 followers. Post

0 Replies
184 Views

Similar Articles

[PageSpeed] 35


Reply:

Similar Artilces:

Kerberos MIT SSH Solaris 9
Hi all, I'm experiencing some problem on kerberizing ssh on Solaris 9 with MIT Kerberos, I have the following setting: 1. Sun Solaris 5.9 2. MIT Kerberos KDC 1.6.3 ( I use just the kdc from the MIT Kerberos) 3. On Kerberos client side I used the one from Solaris from the following packet: SUNWkrbu 4. Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f This is my pam.conf: # PAM configuration # # Customized to try pam_unix, then pam_krb5 # # Unless explicitly defined, all services use the modules # defined in the "other" section. # # Modules are defined with relative pa...

SOLARIS 9 MIT KERBEROS SSH
Hi all, I'm experiencing some problem on kerberizing ssh on Solaris 9 with MIT Kerberos, I have the following setting: 1. Sun Solaris 5.9 2. MIT Kerberos KDC 1.6.3 ( I use just the kdc from the MIT Kerberos) 3. On Kerberos client side I used the one from Solaris from the following packet: SUNWkrbu 4. Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f This is my pam.conf: # PAM configuration # # Customized to try pam_unix, then pam_krb5 # # Unless explicitly defined, all services use the modules # defined in the "other" section. # # Modules are defined with relative pa...

Authenticating via Kerberos in SSH on Solaris 9
Greetings All, I have been making good progress in getting Kerberos to work on Solaris 9 and Windows AD. I have it working very well from the console. Problems arise when I use SSH. I have my pam.conf configured as follows for SSH which is identical to login sshd auth sufficient pam_unix_auth.so.1 sshd auth required pam_krb5.so.1 try_first_pass debug When I connect to SSH it does an initial call to the DC before I even enter my password, like so Jan 4 10:03:48 snoopy sshd[19516]: [ID 655841 local6.debug] PAM-KRB5 (auth): pam_sm_authenticate flags=1 Jan 4 10:...

ssh question on Solaris 9/SunOS 5.9
I am running OpenSSH on my Sparc Solaris 8 host and on my Sparc Solaris 9 have decided to go witht the Sun install ssh. Trying to get away from as many thrid party software. If I ssh from one Solaris 8 host to another Solaris 8 host my DISPLAY get passed to the remote host. If I ssh from a Solaris 8 host to a Solaris 9 host, running the Sun ssh, I do not get my DISPLAY passed to the remote host. I looked in the ssh man page on the Solaris 9 host about and have tried setting up the ssh config files but it still does not work. Question: Is it better to stay with OpenSSH? If not can someone p...

Solaris 9 ssh
can somebody let me know what package sun uses for ssl (i.e run pkginfo | grep ssl and let me know what then output is) On Sat, 28 May 2005 19:54:09 -0600, Tod Glenn wrote: > can somebody let me know what package sun uses for ssl > > (i.e run pkginfo | grep ssl and let me know what then output is) It's null. Sun did not use libssl for its ssh or sshd. [ssh]$ ldd sshd libsocket.so.1 => /usr/lib/libsocket.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libz.so.1 => /usr/lib/libz.so.1 libpam.so.1 => /usr/lib/libpam.so.1 ...

SSH on Solaris 9
Is there any particular reason to use the SSH package (and packages it requires)from the sunfreeware site, rather than use the SSH which is supplied with Solaris 9? Some older postings report problems with the version shipped with Solaris 9 which were solved by installing the packages from sunfreeware. Also if I wanted to install the sunfreeware packages would I have to remove the existing ssh packages first? Thanks. On 4 Aug 2004 02:57:51 -0700 cbdeja@my-deja.com (-) wrote: > Also if I wanted to install the sunfreeware packages would I have to > remove the existing ssh packages fir...

Solaris 9 kerberos
hi if someone mentioned Kerberos in solaris 9, can i take it that he meant SEAM? If not, what is the difference between them...thanks ...

ssh to solaris 9
i have run into a problem i can't seem to find the answer to. i can't ssh into a newly installed solaris 9 box. i get a couple of connection closed messages however looking at /var/adm/messages shows that i authenticated in, but for whatever reason the connection closes on me. i know this is an easy one for someone. someone know what i need to do to fix this?... "Ron!" <anemail@spam.net> writes: > i have run into a problem i can't seem to find the answer to. > > i can't ssh into a newly installed solaris 9 box. i get a couple of > connection...

Kerberos on Solaris 9
I am trying to get Kerberos running on Solaris 9 and have a few questions: 1) What is the version of Kerberos shipped with Solaris 9? How does one tell what the version is? 2) I have configured my /etc/krb5/krb5.conf and /etc/krb5/kdc.conf files and when I try and create the kerberos database, I get the following message: kdb5_util: No such entry in the database while calling random key for kadmin/ultra.hcl.com@HCL.COM. Yet, my default realm is MONTREAL.HCL.COM and my dns domain is montreal.hcl.com. I am not sure where kdb5_util is getting this information. I have applied the latest...

Solaris 9 LDAP and Kerberos
Does anyone know that packages that have to be added to get LDAP and Kerberos (assuming they were not installed when the server was built). wayne ...

SSH on Solaris 9 #2
Just wonder when install solaris 9, if not choose install entire distribution, will it install ssh package? If the current installed solaris 9 doesn't include SSH package and there is no random devices been configured, can just add the SSH package? and will those SSH packages create random devices? Thanks! bridge_xue@yahoo.com (Bridge) writes: >Just wonder when install solaris 9, if not choose install entire >distribution, will it install ssh package? >If the current installed solaris 9 doesn't include SSH package and >there is no random devices been configured, can ju...

SSH to E3500 Solaris 9
Hi everyone, I've successfully installed Solaris 9 on an e3500 however I can't ssh into the machine. It prompts for the password [root password] for the e3500 box but it rejects it with a permission denied message. Any ideas would be appreciated. THX Michael Thanks Michaelp ++++++++++++++++++++++++++++++++ No free torches, you must also provide the correct answer! +++++++++++++++++++++++++++++++++ METP <metp@rogers.com> writes: > Hi everyone, > > I've successfully installed Solaris 9 on an e3500 however I can't ssh > into the machine. It prompts for th...

SSH Problem on Solaris 9
Hi I have a fresh install of Solaris9 and have enabled the root user to login using ssh. My problem is if I change the root user's shell from sh to bash, I'm denied login using ssh unless I change it back to sh. I would like to use the bash shell when using ssh. Have I missed something here ? Thanks Craig On 2006-12-20 10:02:27 +0000, "Craig Mann" <craig.mann@ardentia.co.uk> said: > Hi > > I have a fresh install of Solaris9 and have enabled the root user to > login using ssh. My problem is if I change the root user's shell from > sh to...

Chrooting SSH on Solaris 9
Dear All, I have a problem trying to setup a chrooted SSH server on Solaris 9 using Sun SSH version 1.0. I trussed the sshd and have copied basically most libs in /usr/lib and /usr/lib/security to my jail in order to get this working but it is unable to authenticate the user: <snip from sshd -ddd output> $ /usr/sbin/chroot/ /u01/chroot-sftp /usr/lib/ssh/sshd -ddd debug3: cipher ok: aes128-cbc [aes128-cbc,blowfish-cbc,3des-cbc] debug3: cipher ok: blowfish-cbc [aes128-cbc,blowfish-cbc,3des-cbc] debug3: cipher ok: 3des-cbc [aes128-cbc,blowfish-cbc,3des-cbc] debug3: ciphers ok: [aes128-cb...

Kerberos and Solaris 9 problems
Hey all, I'm trying to configure a Solaris 9 server to authenticate against an Win 2000 ADS server with mixed results and was looking for some insight. So here's the thing; Once logged in, I can run kinit and aquire a ticket: # kinit Password for user_name@REALM.COM: # klist Ticket cache: /tmp/krb5cc_7155 Default principal: user_name@REALM.COM Valid starting Expires Service principal Thu Mar 30 16:14:41 2006 Fri Mar 31 02:14:41 2006 krbtgt/REALM.COM@REALM.COM renew until Thu Apr 06 17:14:41 2006 But, I can no...

RE: Kerberos on Solaris 9
OK, I installed SEAM 1.0.2 on Solaris 9. I notice that it modified my inetd.conf and pam.conf files automatically. Great! Now, when I try and do a plain login (telnet) to the box, I get logged in, I see the "Last login: ..." message and then get automatically logged off. I have the same issue with a kerberized telnet. Any ideas how to figure out what is wrong? TIA Pierre > -----Original Message----- > From: Wyllys Ingersoll [mailto:wyllys.ingersoll@sun.com] > Sent: Thursday, May 20, 2004 2:09 PM > To: Pierre Goyette > Cc: Kerberos@mit.edu > Subject: Re: Kerber...

Kerberos, Solaris 9, mod_auth_kerb
Hey all, I have some questions about kerberos, and more specifically, about mod_auth_kerb and Solaris. My setup is as follows: Solaris 9 Apache (have tested 2.0.48 and 2.0.55) currently: 2.0.55 MIT Kerberos (tested both 1.4.3 and 1.5 ) currently: 1.5 Mod_auth_kerb (tried rc 6 and rc7) currently: rc7 Windows 2003 Active Directory I know for certain that the kerberos environment is set up correctly. Not only can I do a kinit and klist and get that set up, but also the kvno numbers match and the logs on the Active Directory confirm that I have been authenticated. The problem however is that mod...

Solaris 9 SSH as root question
Running S9 (9/04) with 117171-17 kernel patch installed. I want to set up SSH so that, as root, I can ssh without password between two specific machines. S9 installs automatically it appears with DSA and RSA keys in /etc/ssh for root. Here's what I did: o changed /etc/ssh/sshd_config PermitRootLogin to yes (did not change anything else) o copied each machine's /etc/ssh/ssh_host_rsa_key.pub to the other machine's /.ssh/authorized_keys o re-started SSH on both sides I'm only able to ssh to the other side if the password is supplied. What am I missing? Thanks, T...

SSH and IPSec Configuration on Solaris 9
Hello all, I wanted to know, if on a fresh installation of Solaris 9, SSh and IPSec come pre configured. I understand Solaris 9 installs both SSH and IPSec. But I am not very sure if it is configured also. We are using the Full installation of Solaris 9. And when we tried to connect to the m/c using SSH, it connected without any problems. Best Regards, Pradeep ...

solaris 9 ssh ahangs on exit ?
Hello, On solaris 9, recommended patches as of Dec 5th applied. On occasion, exiting from an ssh session to another machine hangs. Is there a fix for that ? We're using solaris' ssh. Thanks Guy Dallaire sez: > Hello, > > On solaris 9, recommended patches as of Dec 5th applied. > > On occasion, exiting from an ssh session to another machine hangs. Is there > a fix for that ? It usually happens when you start a background process and it doesn't properly close its stdin/out/err. Adding >/dev/null and 2>&1 to command line usually helps. Keyword her...

ssh acting funny on Solaris 9
a little background. I just moved this Solaris 9 box from a 192.102.219 to a 65.197.223 network. Now when other clients connect to it via SSH, they log in ok, but after about 2 minutes the session hangs. Also, I can not ssh from this Solaris box to anywhere. I can however ping other hosts on the 65.197.223 network. jimr@catastrophe:/home/catastrophe/jimr : ssh -v jimr@boojum SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0. debug1: Reading configuration data /etc/ssh/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: getuid 1019 g...

RE: Kerberos on Solaris 9 #2
Laurent, I gave up trying to get Sun's Kerberos working on Solaris 9. I installed the MIT 1.3.3 binaries on my sun box which is an application server. I configured my /etc/krb5.conf, /etc/inetd.conf and my /etc/krb5.keytab file. When I telnet to the sun box, I get logged in automatically (e.g. I see the "Last login: xxx" line appear) and then I get asked for a password again. I know that this is solaris asking for the password again (and not Kerberos). I do not have anything set in /etc/pam.conf and have read that Sun's pam_krb.so.1 is not compatible with MIT Kerberos. W...

New ssh/sshd patches for Solaris 9
I have just tried applying the following clutch of new Solaris 9 patches 112908-24 krb5, gss Patch 113273-11 /usr/lib/ssh/sshd Patch 114356-07 /usr/bin/ssh Patch 117177-02 lib/gss module Patch on a couple of workstations. They can still ssh to each other, but while doing so generate messages like ssh[4690]: Kerberos mechanism library initialization error: No profile file open. unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so] unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so] (and similar messages from sshd on the ssh'd-to workstat...