RedHat 6 pam_krb5

2014-06-02 Thread Tiago Elvas
includes the system-auth configuration. The weird configuration for pam_krb5.so is a mix of sufficient and requisite. Thanks in advance for any help, Tiago Elvas Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Kerberos FTP ticket filename

2013-05-21 Thread Tiago Elvas
Still no success. I tried adding the debug option but no conclusive messages shown.. Any other thoughts? On Mon, May 20, 2013 at 7:18 PM, Russ Allbery wrote: > Tiago Elvas writes: > > > I am not sure I fully understand your indications so I paste the contents > > of the fil

Re: Kerberos FTP ticket filename

2013-05-20 Thread Tiago Elvas
pam_keyinit.so revoke > session required pam_limits.so > session [success=1 default=ignore] pam_succeed_if.so service in crond > quiet use_uid > session optional pam_krb5.so minimum_uid=500 > session required pam_unix.so On Mon, May 20, 2013 at 6:46 PM,

Re: Kerberos FTP ticket filename

2013-05-20 Thread Tiago Elvas
As for the SSH, could you tell me how to accomplish that? In my initial attempts I believe I tried to set ccache name and dir but without success. The ftp server is vsftpd. Does this help? Thanks, Tiago On Mon, May 20, 2013 at 6:37 PM, Russ Allbery wrote: > Tiago Elvas writes: > >

Re: Kerberos FTP ticket filename

2013-05-20 Thread Tiago Elvas
file, and so I have hundreds of tickets there. When I login/logout in SSH, the ticket gets deleted; but in the FTP it doesn't.. That's the problem... :) Best regards, Tiago On Mon, May 20, 2013 at 6:21 PM, Russ Allbery wrote: > Tiago Elvas writes: > > > I am having a pro

Kerberos FTP ticket filename

2013-05-20 Thread Tiago Elvas
Hi all, I am having a problem here with the FTP authentication using Kerberos. What is happening is that when I connect from host_A to host_B using ftp, the acquired ticket (in host_B) is being stored as "/tmp/krb5cc_503_z2fgka". I also had this problem in SSH logins, and it seems to be related t

Re: Unable to change Kerberos Ticket Life and Renewal Life

2013-04-18 Thread Tiago Elvas
r > > > On Thu, Apr 18, 2013 at 1:53 PM, Tiago Elvas wrote: > >> Hi Gaurav, >> >> I have received great help from this mailing list for the same issue. >> I think you'll find useful information in this topic: >> >> http://serverfault.c

Re: Unable to change Kerberos Ticket Life and Renewal Life

2013-04-18 Thread Tiago Elvas
Hi Gaurav, I have received great help from this mailing list for the same issue. I think you'll find useful information in this topic: http://serverfault.com/questions/132123/how-to-change-the-kerberos-default-ticket-lifetime Best regards, Tiago On Thu, Apr 18, 2013 at 8:45 AM, Gaurav Dasgupta

Re: Max renewable lifetime issues

2013-03-13 Thread Tiago Elvas
Thanks a lot Benjamin! I'll try that tomorrow, hope it'll work :) On Wed, Mar 13, 2013 at 7:44 PM, Benjamin Kaduk wrote: > On Wed, 13 Mar 2013, Tiago Elvas wrote: > > Hi all, >> >> I am having a problem in my system which I do not understand why it's >

Re: Max renewable lifetime issues

2013-03-13 Thread Tiago Elvas
r 13, 2013 at 4:47 AM, Tiago Elvas wrote: > > I am having a problem in my system which I do not understand why it's > > happening. > > Firstly, I have a KDC running on a RedHat 5.7 machine. I have the > parameter > > maximum_renewable_life as 5000days in kdc.conf and k

Max renewable lifetime issues

2013-03-13 Thread Tiago Elvas
Hi all, I am having a problem in my system which I do not understand why it's happening. Firstly, I have a KDC running on a RedHat 5.7 machine. I have the parameter maximum_renewable_life as 5000days in kdc.conf and krb5.conf. For each user I have added, I also configured as 5000days max_renewable

Re: Ticket renewal not working

2012-07-18 Thread Tiago Elvas
limit on this max renew, right? Thanks! On Wed, Jul 18, 2012 at 6:09 PM, Oliver Loch wrote: > shot in the dark: > > set the max_renewable_lifetime > ticket_lifetime. > > Else the ticket becomes invalid and can't be renewed after 5 minutes... > > KR, > > Oliver

Ticket renewal not working

2012-07-18 Thread Tiago Elvas
Hi there, I am experiencing problems at the time of ticket renewal. For this test I am using 5-minute tickets (for quick testing) and so: # /var/kerberos/krb5kdc/kdc.conf max_life = 5m 0s max_renewable_life = 5m 0s # /etc/krb5.conf ticket_lifetime = 5m renew_lifetime = 5m The principal in use is na

Re: LDAP backend - help needed...

2012-05-07 Thread Tiago Elvas
For the kadmin.local to work I believe you have a misconfiguration. You should create a kadmin keytab placed in /etc/kadm5.keytab including principals: kadmin/admin > kadmin/changepw > kadmin/ then in kdc.conf [realms] > EXAMPLE.UNI-KOELN.DE = { >... > adm

Windows Login against Linux KDC

2012-05-03 Thread Tiago Elvas
Hi all, I am struggling to configure my Windows machine running a Windows Server 2008. 1- I have established a domain with a KDC running on a Redhat 5.7 machine. I have correctly configured other Linux machine to retrieve tickets on login ('su' and 'ssh' through PAM) 2- In the Windows machine, I

Will pam_mkhomedir work for non-existing unix accounts

2012-03-22 Thread Tiago Elvas
Hi there, Can I make pam to work so that I don't need to create a unix account for each new kerberos user? I mean, in kerberos I would have the user "tiago" but in my linux don't have this account created. Is there a way to admin this system so that I don't have to manually "useradd "... each tim

Re: Error configuring Kerberos and OpenDS

2012-03-14 Thread Tiago Elvas
On Thu, Feb 23, 2012 at 10:34 AM, Tiago Elvas wrote: > I have followed that tutorial to setup my machine without success, that's > when I wrote to this list initially. > > As for the "Decrypt integrity check failed", I can do a kinit and > successfully receive a

Re: Authenticate as user/instance

2012-03-14 Thread Tiago Elvas
openDS its profile info as admin. On the other hand, I am also struggling with openDS aci to control this... On Tue, Mar 13, 2012 at 8:57 PM, Nico Williams wrote: > On Tue, Mar 13, 2012 at 1:59 PM, Tiago Elvas wrote: > > The domain will be made of several machines, which will b

Re: Authenticate as user/instance

2012-03-13 Thread Tiago Elvas
'll need to understand "username mapping functionality of MIT krb5" is... thanks for your answer Nico! On Tue, Mar 13, 2012 at 7:45 PM, Nico Williams wrote: > On Tue, Mar 13, 2012 at 4:50 AM, Tiago Elvas wrote: > > Thanks for your reply. > > The idea is to have a doma

Re: Authenticate as user/instance

2012-03-13 Thread Tiago Elvas
On Tue, Mar 13, 2012 at 6:45 PM, John Devitofranceschi wrote: > How is 'operator' going to authenticate? > > Will it have its own password and principal? Or will users be mapped to it > via operator's .k5login or by using auth_to_local statements in krb5.conf? > > jd The operator will login to

Re: Authenticate as user/instance

2012-03-13 Thread Tiago Elvas
ch time I login. Unless I modify the .bashrc file to do that... Thanks, Tiago On Tue, Mar 13, 2012 at 7:34 AM, Carson Gaspar wrote: > [ Trimmed and de-top-posted ] > > On 3/12/12 6:58 PM, John Devitofranceschi wrote: > > On Mar 12, 2012, at 12:24, Tiago Elvas wrote: > > >

Authenticate as user/instance

2012-03-12 Thread Tiago Elvas
Dear all, I would like to configure my machine so that when I login as user "operator" I get a credential as operator/instance, where instance should be the hostname. The idea is that if I login as "operator" in both machines I get different tickets. I thought that the instance should be the hos

Re: Error configuring Kerberos and OpenDS

2012-02-23 Thread Tiago Elvas
hecked. Could you clarify this? Thanks once again, Tiago On Wed, Feb 22, 2012 at 8:44 PM, Mantas M. wrote: > On Wed, Feb 22, 2012 at 08:41:15PM +0100, Tiago Elvas wrote: > > Thanks for the tip. > > > > I now have the following error: > > > > Feb 22 20:39:37 ldap

Re: Error configuring Kerberos and OpenDS

2012-02-22 Thread Tiago Elvas
Any clue on what's failing? Another question, how should I configure openDS access control to accept GSSAPI with kerberos tickets? Thanks in advance On Tue, Feb 21, 2012 at 5:28 PM, Mantas M. wrote: > On Tue, Feb 21, 2012 at 11:23:04AM +0100, Tiago Elvas wrote: > > NO PREAU

Re: Error configuring Kerberos and OpenDS

2012-02-21 Thread Tiago Elvas
rberos. > > > On Tue, Feb 21, 2012, at 12:47 PM, Tiago Elvas wrote: > > I just have openDS installed, openLDAP is not used here... > > Any other hint? > > > > :) > > Thanks > > > > On Tue, Feb 21, 2012 at 12:33 PM, nudge wrote: > > > > >

Re: Error configuring Kerberos and OpenDS

2012-02-21 Thread Tiago Elvas
n what's happening. > > > On Tue, Feb 21, 2012, at 11:23 AM, Tiago Elvas wrote: > > Thanks for your answer Tom. > > > > I added that principal and changed all principals and entries in the > > keytabs to have the fqn as in hostname.domain.com. > > > >

Re: Error configuring Kerberos and OpenDS

2012-02-21 Thread Tiago Elvas
, Feb 20, 2012 at 7:50 PM, Tom Yu wrote: > Tiago Elvas writes: > > > *And This is the log in /var/log/krb5kdc.log* > > Feb 20 19:26:13 ldapserver krb5kdc[15295](info): AS_REQ (5 etypes {3 1 23 > > 16 17}) 172.23.14.210: ISSUE: authtime 1329762373, etypes {rep=23 tkt=18 >

Error configuring Kerberos and OpenDS

2012-02-20 Thread Tiago Elvas
Hi there, I am having trouble configuring a machine to work with Kerberos and OpenDS. I will describe you the architecture, then post the configuration and then the logs. - *Architecture* I am running Kerberos and OpenDS on the same machine, RHEL 5.7, named ldapserver - *Configuration*