
Migrating to Kerberos

 
Olivier Masse
Honored Contributor

Hi

I've stumbled upon a document produced by some security bigwigs in a far, far away place in my company and it looks like a future corporate policy will be to use a "Kerberos-based infrastructure to authenticate all users with the help of a PAM module". I don't have more detailed specs but currently I'm using standard Unix authentication, and I suspect that I'll have to migrate to a kerberized LDAP once the order comes.

As I don't know anything about Kerberos, I spent some time quickly reading what's available on docs.hp.com. It seems to have been available for a long while, there is a PAM module available, and sshd supports it natively. So I seem okay on that side. But there are not many real-life implementation examples, so I don't get the big picture.

Has anybody gone through a similar transition and would like to share thoughts and tips?

More specifically, a selling point of Kerberos seems to be that I can use it for single sign-on. What I'd like to know is, will I be able to log in using a Kerberos token directly through PuTTY without being prompted for a password, then be able to privrun to root easily using RBAC, all this using that same token?

Thanks