sudo with kerberos

Ubaid Rahman ubaid.u.rahman at gsk.com
Tue May 3 15:00:07 EDT 2011


Got it to work!

Had to disable the tgt_verify option in the methods.cfg file to let sudo, su, telnet and ftp work!!!

Ubaid Rahman
Senior AIX Administrator
SCS C&ES Infrastructure
Admin 1 # 146E
Ph # *.703.2817 (internal) or 919.483.2817 (external)
      # 919.314.7177 (cell)   
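
An added example, not part of the original message: a shell check that reports which stanzas of a methods.cfg have TGT verification switched off, since with it disabled the login module no longer validates the TGT against the host's own key and so cannot detect a spoofed KDC. The `tgt_verify=no` spelling inside the `options` attribute follows IBM's AIX documentation for the KRB5/KRB5A load modules and is an assumption here, as are the function names and the constructed sample file.

```shell
#!/bin/sh
# Added example: list the stanzas in an AIX methods.cfg whose options
# contain tgt_verify=no. Reads the file named in $1, or stdin if none.
# Exit status: 0 = no stanza disables TGT verification, 1 = at least one does.
audit_tgt_verify() {
    awk '
        /^[ \t]*\*/ { next }                    # "*" starts a comment line
        /^[^ \t*][^ \t]*:[ \t]*$/ {             # stanza header such as "KRB5A:"
            stanza = $1; sub(/:$/, "", stanza); next
        }
        /^[ \t]+options[ \t]*=/ {               # options = a,b,c
            opts = $0
            sub(/^[^=]*=/, "", opts)            # keep the text after the first "="
            gsub(/[ \t]/, "", opts)
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == "tgt_verify=no") { print stanza; found = 1 }
        }
        END { exit found + 0 }
    ' "${1:--}"
}

# Constructed sample file (not from the thread); the module paths follow
# the usual AIX layout and are assumptions.
sample_methods_cfg() {
    cat <<'EOF'
* constructed sample
KRB5A:
        program = /usr/lib/security/KRB5A
        program_64 = /usr/lib/security/KRB5A_64
        options = authonly,tgt_verify=no

KRB5:
        program = /usr/lib/security/KRB5
*       options = authonly,tgt_verify=no
        options = authonly

KRB5Afiles:
        options = db=BUILTIN,auth=KRB5A
EOF
}

# Demo on the sample: only the KRB5A stanza is reported; the commented-out
# line in the KRB5 stanza is ignored.
if ! flagged=$(sample_methods_cfg | audit_tgt_verify); then
    echo "TGT verification disabled in: $flagged"
fi
```

On a real host the function would be pointed at the file itself, for example `audit_tgt_verify /usr/lib/security/methods.cfg`, and the non-zero exit status can feed a configuration-compliance job.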


-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of kerberos-request at mit.edu
Sent: Tuesday, May 03, 2011 12:05 PM
To: kerberos at mit.edu
Subject: Kerberos Digest, Vol 101, Issue 3

Today's Topics:

   1. cross realm trust (aydin)
   2. sudo with kerberos (Ubaid Rahman)


----------------------------------------------------------------------

Message: 1
Date: Mon, 02 May 2011 16:38:31 +0300
From: aydin <aydin at prosoft.com.tr>
Subject: cross realm trust
To: "kerberos at mit.edu" <kerberos at mit.edu>
Message-ID: <4DBEB3D7.7070005 at prosoft.com.tr>
Content-Type: text/plain; charset=ISO-8859-9; format=flowed

Hi all,

I am trying to set up cross-realm authentication between Microsoft and MIT Kerberos
running on RHEL.

The MIT Kerberos realm is going to trust the MS realm.
Both KDCs are running fine in their own realms.

We have set up principals on both KDCs.
krbtgt/mit.realm at ms.realm

A Windows client tries to open an ssh connection to a Linux system.

The Windows client asks its own KDC for a krbtgt/mit.realm at ms.realm ticket and
gets the ticket.

This is the point where I get confused and need your help.
The MS client then requests host/sshserver.mit.realm.

As far as I know, both KDCs have to share a krbtgt ticket to establish a trust
relation first.

Does anyone know how this should work?

Regards,

Aydin




------------------------------

Message: 2
Date: Mon, 2 May 2011 14:27:23 -0500
From: Ubaid Rahman <ubaid.u.rahman at gsk.com>
Subject: sudo with kerberos
To: "kerberos at mit.edu" <kerberos at MIT.EDU>
Message-ID:
	<1DFE27698BBA1B49B6A8C6B7F7E37253C48DC7BB09 at 019D-NAMSG-01.019D.MGD.MSFT.NET>
	
Content-Type: text/plain; charset="us-ascii"

Hi

I am trying to configure sudo to use Kerberos authentication in an AIX (6.1) environment; so far I haven't had any luck. Can anyone with a similar environment help?


Ubaid Rahman
Senior AIX Administrator
SCS C&ES Infrastructure
Admin 1 # 146E
Ph # *.703.2817 (internal) or 919.483.2817 (external)
      # 919.314.7177 (cell)



------------------------------
