- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Kerberos setup issue [HPUX---->AD(KDC)]
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-24-2008 09:46 PM
тАО11-24-2008 09:46 PM
Kerberos setup issue [HPUX---->AD(KDC)]
Could anyone please help me with the Kerberos setup.
I am trying to autheticate HPUX login requests from Active Directory KDC.
This is what I have done so far.
insatalled latest Kerberos products on hpux client
$ swlist | grep -i kerber
KRB5CLIENT D.1.6.2 Kerberos V5 Client Version 1.6.2
PAMKerberos C.01.24 PAM-Kerberos Version 1.24
Setup the KDC on AD server
setup test user (test)and passwd on KDC
imported certificate from KDC to hpux client created using ktpass on KDC
updated the keytab file on hpux client and configurations in /etc/krb5.conf for the REALM
created a same test user on hpux client
and replaced passwd field with "x"
and then
kinit test@REALM works well and gets the ticket from the KDC
klist lists the tickets
#pamkrbval runs well without an error
NOW I want to test this test user first before going for the whole system,
I have updated the pam.conf with following entires
login auth suffcient libpam_krb5.so.1
su auth sufficient libpam_krb5.so.1
sshd auth sufficient libpam_krb5.so.1
then updated /etc/opt/ssh/sshd_confg
to include
KerberosAuthentication yes
but I am getting nowhere when I try to test this user (test).
Thanks in Advance
Any help will be much appreciated.
NOW;
- Tags:
- LDAP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-25-2008 05:30 AM
тАО11-25-2008 05:30 AM
Re: Kerberos setup issue [HPUX---->AD(KDC)]
LDAP-UX ships with a setup script that must be run to configure ADC connectivity.
Have you successfully completed this step?
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-25-2008 04:22 PM
тАО11-25-2008 04:22 PM
Re: Kerberos setup issue [HPUX---->AD(KDC)]
Thanks for replying, But I could not undrstand why should I use LDAP-UX setup script,
I believe I have already got ADC connectivity as I am getting TGT from KDC.
i am following below mentioned link to make it work:
http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01250837-3&docLocale=en&admit=109447627+1217947780651+28353475
Please let me know if something is missing in it according to you.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-25-2008 04:40 PM
тАО11-25-2008 04:40 PM
Re: Kerberos setup issue [HPUX---->AD(KDC)]
Nov 26 09:24:36 vmhost sshd[2638]: pam_start(sshd test)
Nov 26 09:24:36 vmhost sshd[2638]: pam_set_item(1)
Nov 26 09:24:36 vmhost sshd[2638]: pam_set_item(2)
Nov 26 09:24:36 vmhost sshd[2638]: pam_set_item(5)
Nov 26 09:24:36 vmhost sshd[2638]: invalid flag: resuired
Nov 26 09:24:36 vmhost sshd[2638]: pam_set_item(4)
Nov 26 09:24:36 vmhost sshd[2638]: pam_authenticate()
Nov 26 09:24:36 vmhost sshd[2638]: load_modules: /usr/lib/security/hpux32/libpam_hpsec.so.1
Nov 26 09:24:36 vmhost sshd[2638]: load_function: successful load of pam_sm_authenticate
Nov 26 09:24:36 vmhost sshd[2638]: pam_set_item(5)
Nov 26 09:24:36 vmhost sshd[2638]: load_modules: /usr/lib/security/hpux32/libpam_unix.so.1
Nov 26 09:24:36 vmhost sshd[2638]: pam_get_username(ux)
Nov 26 09:24:36 vmhost sshd[2638]: pam_mapping_in_use()
Nov 26 09:24:39 vmhost inetd[2640]: registrar/tcp: Connection from vmhost (111.222.333.444) at Wed Nov 26 09:24:39 2008
Nov 26 09:24:36 vmhost sshd[2638]: load_function: successful load of pam_sm_authenticate
Nov 26 09:24:39 vmhost sshd[2638]: pam_set_item(6)
Nov 26 09:24:39 vmhost sshd[2638]: pam_authenticate: error Authentication failed
Nov 26 09:24:41 vmhost sshd[2638]: error: PAM: Authentication failed for test from vmhost.domain.com
Nov 26 09:24:41 vmhost sshd[2638]: pam_set_item(5)
Nov 26 09:24:41 vmhost sshd[2638]: pam_authenticate()
Nov 26 09:24:39 vmhost sshd[2638]: pam_set_item(6)
Nov 26 09:24:41 vmhost sshd[2638]: load_modules: /usr/lib/security/hpux32/libpam_hpsec.so.1
Nov 26 09:24:41 vmhost sshd[2638]: pam_get_username(ux)
Nov 26 09:24:41 vmhost sshd[2638]: pam_mapping_in_use()
Nov 26 09:24:50 vmhost sshd[2638]: pam_set_item(6)
Nov 26 09:24:50 vmhost sshd[2638]: pam_authenticate: error Authentication failed
Nov 26 09:24:52 vmhost sshd[2638]: error: PAM: Authentication failed for test from vmhost.domain.com
Any Ideas....why
pam_authenticate:<--- fails?
Nov 26 09:24:36 vmhost sshd[2638]: invalid flag: resuired <--means what?
Looking forward to hear from you guys
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-26-2008 08:34 AM
тАО11-26-2008 08:34 AM
Re: Kerberos setup issue [HPUX---->AD(KDC)]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-27-2008 01:41 AM
тАО11-27-2008 01:41 AM
Re: Kerberos setup issue [HPUX---->AD(KDC)]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-27-2008 02:45 AM
тАО11-27-2008 02:45 AM
Re: Kerberos setup issue [HPUX---->AD(KDC)]
Further, to see if all necessary software is installed, you should run "swlist -l product | grep -i -e krb -e kerb".
This should return 4 lines = KRB5-Client, PAM-Kerberos, krb5client, PHSS_34991 (or later).