Kerberos security

 
Ngoh Chean Siung
Super Advisor

Kerberos security

Hi,

How do I know whether Kerberos security is used in my system?

regards.
6 REPLIES
Robert-Jan Goossens
Honored Contributor

Re: Kerberos security

Hi,

# swlist -l fileset | grep -i kerberos

check the /etc/pam.conf

http://www.software.hp.com/portal/swdepot/displayInstallInfo.do?productNumber=J5849AA

Hope this helps,
Robert-Jan
Ngoh Chean Siung
Super Advisor

Re: Kerberos security

Hi,

In the HP-UX 11.11 system,

# swlist -l fileset | grep -i kerberos
# KRB-Support B.11.11 Kerberos Support for HP-UX and DCE
# KRB5-Client B.11.11 Kerberos V5 Client Version 1.0
# PAM-Kerberos B.11.11.12 PAM-Kerberos Version 1.10
PAM-Kerberos.PAM-KRB-DEMO B.11.11.12 PAM-Kerberos Demonstration
PAM-Kerberos.PAM-KRB-MAN B.11.11.12 PAM-Kerberos Man Pages
PAM-Kerberos.PAM-KRB-RUN B.11.11.12 PAM-Kerberos Runtime
PAM-Kerberos.PAM-KRB-SHLIB B.11.11.12 PAM-Kerberos Shared Library

In the HP-UX 11 system,

# swlist -l fileset | grep -i kerberos
# KRB-Support B.11.00 Kerberos Support for HP-UX and DCE

Q1) I think there is Kerberos software installed on both systems. How do I know whether we are using this software now? Or does this software come together with the server? I ask because I want to hash all the Kerberos services under /etc/services and /etc/inetd.conf.

Example of the kerberos services is as below:

kerberos5 88/udp kdc # Kerberos 5 kdc
klogin 543/tcp # Kerberos rlogin -kfall
kshell 544/tcp krcmd # Kerberos remote shell -kfall
ekshell 545/tcp krcmd # Kerberos encrypted remote shell -kfall
kerberos 750/udp kdc # Kerberos (server) udp -kfall
kerberos 750/tcp kdc # Kerberos (server) tcp -kfall
kerberos_master 751/tcp kadmin # Kerberos kadmin
krbupdate 760/tcp kreg # Kerberos registration -kfall
kpasswd 761/tcp kpwd # Kerberos "passwd" -kfall
eklogin 2105/tcp # Kerberos encrypted rlogin -kfall

regards.
Michael Selvesteen_2
Trusted Contributor

Re: Kerberos security

Hello,

Try the following:

1. swlist | grep T1417AA

If it results with the following

"Kerberos Server Version X.X and its Administration Utilities"

It says HP Kerberos server is available on your host. You can simply remove the server by the following command if needed.

swremove T1417AA

2. A simple check for the Kerberos daemon is

ps -ef | grep kdcd

which lists Kerberos daemons if they are currently running on the system.

Q1) I think there is Kerberos software installed on both systems. How do I know whether we are using this software now? Or does this software come together with the server? I ask because I want to hash all the Kerberos services under /etc/services and /etc/inetd.conf.

I believe from your message that no Kerberos server runs on your machine. If you no longer need Kerberos support for those services, you may hash it all.

Related links:

http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/inetd.conf

http://www.isi.edu/gost/brian/security/kerberos.html

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1417AA


Hope this helps
--
M

Ngoh Chean Siung
Super Advisor

Re: Kerberos security

Hi,

Q1) There is no output after running these commands
# swlist | grep T1417AA
# ps -ef | grep kdcd

What does it mean? No software installed or ...?

Q2) Where is the location of kdcd? There is also no man page for kdcd.

Q3) From which messages do you know that my system is not using Kerberos?

regards.
Michael Selvesteen_2
Trusted Contributor

Re: Kerberos security

Hello,

Q1) There is no output after running these commands
# swlist | grep T1417AA
# ps -ef | grep kdcd

What does it mean? No software installed or ...?

Yes. It means HP Kerberos server is not installed on your system.

http://docs.hp.com/en/B8725-90078/ch01.html


Q2) Where is the location of kdcd? There is also no man page for kdcd.

In my system

# ps -ef | grep kdcd
root 658 621 0 12:28:05 ? 0:00 /opt/krb5/sbin/kdcd
root 14785 5352 0 19:36:20 pts/td 0:00 grep kdcd
root 621 1 0 12:28:04 ? 0:00 /opt/krb5/sbin/kdcd

It resides in /opt/krb5/sbin/kdcd

kdcd is a daemon that provides two services: the authentication service (AS) and the ticket-granting service (TGS).

http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html


Q3) From which messages do you know that my system is not using Kerberos?

I said your system has no HP Kerberos server.
But there are a number of Kerberos clients, PAM interfaces... which are used by your applications for Kerberos authentication and authorization.

FYI:

/etc/services

http://www.faqs.org/docs/securing/chap5sec40.html

Hope this helps

--
M

Ngoh Chean Siung
Super Advisor

Re: Kerberos security

Hi,

Q1) But there are a number of Kerberos clients, PAM interfaces... which are used by your applications for Kerberos authentication and authorization. Are all these services active/functioning now? How do I check?

Q2) Since there is no Kerberos server in my system, can I hash all the related Kerberos services (Kerberos clients, PAM interfaces ...) in /etc/services and /etc/inetd.conf?

regards.
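
Added example, not part of the original thread: one way to run the checks suggested above (look in /etc/pam.conf and /etc/inetd.conf) so that only entries that are still active, meaning not commented out with #, are reported. The function names, the "krb" match for the PAM module and the sample file contents are assumptions constructed for illustration; the service names are the ones from the /etc/services excerpt quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): list Kerberos entries that are still
# active, i.e. not commented out, in pam.conf- and inetd.conf-style files.

# Uncommented pam.conf lines that reference a Kerberos PAM module.
# Assumption: the module path contains "krb" (e.g. libpam_krb5).
active_pam_krb() {
    grep -v '^[[:space:]]*#' "$1" | grep -i 'krb'
}

# Uncommented inetd.conf lines whose service name (field 1) is one of the
# Kerberos services from the /etc/services excerpt quoted in the thread.
active_inetd_krb() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 ~ /^(kerberos|kerberos5|kerberos_master|klogin|kshell|ekshell|eklogin|krbupdate|kpasswd)$/
    ' "$1"
}

# Write constructed sample files into directory $1 so the example runs offline.
make_samples() {
    mkdir -p "$1"
    cat > "$1/pam.conf" <<'EOF'
# constructed sample
login   auth required   /usr/lib/security/libpam_unix.1
#login  auth sufficient /usr/lib/security/libpam_krb5.1
ftp     auth sufficient /usr/lib/security/libpam_krb5.1
EOF
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample
telnet  stream tcp nowait root /usr/lbin/telnetd telnetd
klogin  stream tcp nowait root /usr/lbin/rlogind rlogind -K
#kshell stream tcp nowait root /usr/lbin/remshd  remshd -K
EOF
}

demo_dir=${TMPDIR:-/tmp}/krbcheck.$$
make_samples "$demo_dir"
echo "Active Kerberos PAM entries:"
active_pam_krb "$demo_dir/pam.conf" || echo "  (none)"
echo "Active Kerberos inetd services:"
active_inetd_krb "$demo_dir/inetd.conf"
rm -rf "$demo_dir"
```

On a real host, pass /etc/pam.conf and /etc/inetd.conf to the two functions instead of the sample files. Entries in /etc/services only map service names to port numbers; inetd offers a service only when it has an uncommented line in inetd.conf.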