Using non kerberized services on Solaris9 client
Will Fiveash
william.fiveash at sun.com
Tue Jun 29 15:46:57 EDT 2004
On Mon, Jun 28, 2004 at 04:28:53PM -0500, Judi Buff wrote:
>
> I have set up my Solaris9 server as a client so that all users on this
> server will authenticate from KDC's off campus. Kinit, kdestroy, and
> klist are working.
>
> But, I'm not sure what to do next so that my users will authenticate
> with their kerberos password, but use non-kerberized services such as
> telnet, ftp, and ssh. In other words, when they type the command telnet
> servername.domain.edu I want it to accept the kerberos password and
> destroy the ticket when they log out. Can this be done?
>
> We are only interested in using kerberos for single-sign-on. Our users
> will be able to continue using services as usual. We are running
> tcpwrappers to control who can use the services.
Judi, I don't know at this point how to automate destroying the tickets
on exit but I do want to point out that Sun does provides a package with
kerberized versions of remote apps like telnet, rsh, ftp, etc... (ssh
isn't kerberized in S9 but it is in S10) that can use the kerberos
credential to authenticate when connecting to a remote system instead of
sending the password in the clear. Look for the SEAM 1.0.2 download on:
http://wwws.sun.com/software/download/security.html
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
More information about the Kerberos
mailing list