https://community.hpe.com/t5/operating-system-hp-ux/migrating-to-kerberos/m-p/4486791#M732904 Hi<BR /><BR />I've stumbled upon a document produced by some security bigwigs in a far, far away place in my company and it looks like a future corporate policy will be to use a "Kerberos-based infrastructure to authenticate all users with the help of a PAM module". I don't have more detailed specs but currently I'm using standard Unix authentication, and I suspect that I'll have to migrate to a kerberized LDAP once the order comes.<BR /><BR />As I don't know anything about Kerberos, I spent some time reading quickly what's available on docs.hp.com. It seems to have been available for a long while, there is a PAM module available, and sshd supports it natively. So I seem okay on that side. But there are not much real-life implementation examples so I don't get the big picture. <BR /><BR />Anybody went through a similar transition and would like to share thoughts and tips?<BR /><BR />More specifically, a selling point of Kerberos seems to be that I can use it for single sign ons. What I'd like to know is, will I be able to log-in using a Kerberos token directly through Putty without being prompted for a password, then be able to privrun to root easily using RBAC, all this using that same token? <BR /><BR />Thanks Thu, 27 Aug 2009 00:34:44 GMT Olivier Masse 2009-08-27T00:34:44Z https://community.hpe.com/t5/operating-system-hp-ux/migrating-to-kerberos/m-p/4486791#M732904 Hi<BR /><BR />I've stumbled upon a document produced by some security bigwigs in a far, far away place in my company and it looks like a future corporate policy will be to use a "Kerberos-based infrastructure to authenticate all users with the help of a PAM module". I don't have more detailed specs but currently I'm using standard Unix authentication, and I suspect that I'll have to migrate to a kerberized LDAP once the order comes.<BR /><BR />As I don't know anything about Kerberos, I spent some time reading quickly what's available on docs.hp.com. It seems to have been available for a long while, there is a PAM module available, and sshd supports it natively. So I seem okay on that side. But there are not much real-life implementation examples so I don't get the big picture. <BR /><BR />Anybody went through a similar transition and would like to share thoughts and tips?<BR /><BR />More specifically, a selling point of Kerberos seems to be that I can use it for single sign ons. What I'd like to know is, will I be able to log-in using a Kerberos token directly through Putty without being prompted for a password, then be able to privrun to root easily using RBAC, all this using that same token? <BR /><BR />Thanks Thu, 27 Aug 2009 00:34:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/migrating-to-kerberos/m-p/4486791#M732904 Olivier Masse 2009-08-27T00:34:44Z