Hi.
I'm quite new to AIX, so please excuse me... it's probably simple... I've read the redbook about AIX/Linux, but in no way can I figure out if I'm doing it right or if I'm missing a step... I'm struggling with AIX 5.2... my knowledge is more on Linux, AIX seems to have a different way of interpreting authentication...
First, I configured Kerberos5 and LDAP. Now I can obtain a ticket from our KDCs, and ldap works for queries... I also noticed that ldap comes with no GSSAPI!
Now, I don't know how to continue, since AFS is running without kaserver, we have mit kdc and openldap for home directory and uid/gid mapping... Then... how can I make AIX join the afs cell as a client?
In simple tasks:
- UID/GID mapping with LDAP entries
- Kerberos Authentication (lsauthent shows K5 and then STD)
- AFS token grabbing (default k5 on aix seems mit-like)
Tell me if my guesses are right:
First, /etc/security/user
default:
        admin = false
        login = true
        su = true
        daemon = true
        rlogin = true
        sugroups = ALL
        admgroups =
        ttys = ALL
        auth1 = SYSTEM
        auth2 = NONE
        tpath = nosak
        SYSTEM = "KRB5files OR compat"
*       SYSTEM = "AFS OR (AFS[UNAVAIL] AND compat[SUCCESS])"
        registry = DCE
        umask = 022
        expires = 0
        logintimes =
        pwdwarntime = 0
        account_locked = false
Then /usr/lib/security/methods.cfg
AFS:
        program = /usr/vice/etc/afs_dynamic_auth

KRB5:
        program = /usr/lib/security/KRB5

KRB5files:
        options = db=BUILTIN,auth=KRB5
Finally /usr/vice/etc (ThisCell, CellServDB), and LDAP. Everything seems to work, but now I need to glue all the pieces... can you tell me if I'm doing good?
plmserver:~> ldapsearch "cn=plm"
version: 2

#
# filter: cn=plm
# requesting: ALL
#

# plm
dn: cn=plm
objectClass: top
objectClass: posixGroup
cn: plm
gidNumber: 10002
memberUid: username
description: afs plm group

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

plmserver:~> kinit username
Password for [EMAIL PROTECTED]:

plmserver:~> klist
Ticket cache: FILE:/var/krb5/security/creds/krb5cc_10831
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
03/17/05 20:48:47  03/18/05 06:48:47  krbtgt/[EMAIL PROTECTED]

plmserver:~>
-- Sensei <mailto:[EMAIL PROTECTED]> <pgp:8998A2DB> <icqnum:241572242> <yahoo!:sensei_sen> <msn-id:[EMAIL PROTECTED]>
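A consistency check for the two files quoted in the message above, added here as an example and not part of the original post: it reports every load module that a SYSTEM line in /etc/security/user names (directly, or through a compound module's db=/auth= options) but that has no stanza in methods.cfg. The function names, the abridged sample text and the set of names treated as built in are assumptions of this example.

```python
import re

# Constructed sample input, abridged from the two files quoted in the message.
USER_CFG = '''default:
        SYSTEM = "KRB5files OR compat"
*       SYSTEM = "AFS OR (AFS[UNAVAIL] AND compat[SUCCESS])"
'''
METHODS_CFG = '''AFS:
        program = /usr/vice/etc/afs_dynamic_auth
KRB5:
        program = /usr/lib/security/KRB5
KRB5files:
        options = db=BUILTIN,auth=KRB5
'''
BUILTIN = {"compat", "files", "NONE", "BUILTIN"}  # assumption: need no methods.cfg stanza

def parse_stanzas(text):
    """Return {stanza: {attribute: value}}; lines starting with '*' are comments."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            current[key.strip()] = value.strip().strip('"')
    return stanzas

def system_methods(expr):
    """Method names in a SYSTEM string, without AND/OR operators or [RESULT] tags."""
    words = re.findall(r"\w+", re.sub(r"\[[^\]]*\]", " ", expr))
    return [w for w in words if w not in ("AND", "OR")]

def undefined_methods(user_cfg, methods_cfg):
    """Map each user stanza to the methods it needs that methods.cfg does not define."""
    modules = parse_stanzas(methods_cfg)
    missing = {}
    for stanza, attrs in parse_stanzas(user_cfg).items():
        wanted = system_methods(attrs.get("SYSTEM", ""))
        for name in list(wanted):  # compound module: db=X,auth=Y also needs X and Y
            wanted += re.findall(r"(?:db|auth)=(\w+)", modules.get(name, {}).get("options", ""))
        bad = sorted({m for m in wanted if m not in modules and m not in BUILTIN})
        if bad:
            missing[stanza] = bad
    return missing

if __name__ == "__main__":
    print(undefined_methods(USER_CFG, METHODS_CFG) or "every SYSTEM method is defined")
```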