Red Hat Login

James Walthall jwaltha at us.ibm.com
Thu Feb 19 15:15:18 EST 2004


I have configured red hat and kerberos in the following way:

        - There is a principle for Administrator in the database with its 
associated password which appears as Administrator at RALEIGH.IBM.COM in 
realm RALEIGH.IBM.COM
        - The machine configured for authentication is a redhat 8 machine, 
pointed to our kerberos kdc
        - The machine configured for authentication has a .k5login file 
with the following single entry as its only line:  Administrator
        - The machine configured for authentication has no local user 
known as Administrator as an account

This configuration is incorrect. Red hat will not let me login as 
administrator. If I add the user as an account, it lets me login, but it 
logs on locally and does not request a password
from kerberos (this has been verified by trying to change the password 
through kadmin and it not affecting the machine configured for 
authentication)

What needs to be done to get Red Hat authenticating Administrator through 
kerberos correctly???



---------------
James Walthall Jr
IBM Host Integration Server Test / HATS
Outside: (919) 254-8869
Tieline: 444-8869
Research Triangle Park
Raleigh, North CarolinaaFrom wyllys.ingersoll at sun.com Thu Feb 19 17:02:51 2004
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
	[18.7.21.83])
	by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i1JM2pqb013632
	for <kerberos at PCH.mit.edu>; Thu, 19 Feb 2004 17:02:51 -0500 (EST)
Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14])
	i1JM2n2G018086
	for <kerberos at mit.edu>; Thu, 19 Feb 2004 17:02:50 -0500 (EST)
Received: from jurassic.eng.sun.com ([129.146.83.36])
	by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id i1JM2bdO006004;
	Thu, 19 Feb 2004 14:02:37 -0800 (PST)
Received: from 192.129.100.95 (vpn-129-152-200-73.East.Sun.COM
	[129.152.200.73])i1JM2Zmp862638;
	Thu, 19 Feb 2004 14:02:36 -0800 (PST)
From: Wyllys Ingersoll <wyllys.ingersoll at sun.com>
To: "Douglas E. Engert" <deengert at anl.gov>
In-Reply-To: <4035172C.F60ACDFF at anl.gov>
References: <20040219193637.32528.qmail at web80603.mail.yahoo.com>
	 <4035172C.F60ACDFF at anl.gov>
Content-Type: text/plain
Message-Id: <1077227926.4025.66.camel at pebblebeach.wki.test.net>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 
Date: Thu, 19 Feb 2004 16:58:46 -0500
Content-Transfer-Encoding: 7bit
cc: kerberos at mit.edu
cc: Tyson Oswald <oswaldt at ameritech.net>
Subject: Re: Fwd: Re: Kerberos error authenticating from Unix to Windows AD
X-BeenThere: kerberos at mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: wyllys.ingersoll at sun.com
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Help: <mailto:kerberos-request at mit.edu?subject=help>
List-Post: <mailto:kerberos at mit.edu>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=subscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=unsubscribe>
X-List-Received-Date: Thu, 19 Feb 2004 22:02:52 -0000

On Thu, 2004-02-19 at 15:06, Douglas E. Engert wrote:

> 
> Somethinhg else to try:  
> 
> login to the Sun using normal login. 
> 
>  Using the SEAM commands: 
>   
>   kinit user at realm
>   klist -f -e
> 
> Then try 
> 
>   kinit -S t/myserver.ameritech.net at MY.REALM
> 
> which will ask for your user and password, then try and get a service ticket
> for the host. 
> 
> Also look at the /etc/krb5.conf file. (I think SEAM uses the same locaiton.)

No, SEAM puts the Kerberos config stuff in its own directory
For example, /etc/krb5/krb5.conf

SEAM has been tested to work with Active Directory, so it sounds
like a configuration error somewhere.

-Wyllys





More information about the Kerberos mailing list