Kerberos Authentication Support help
Anilkumar.Palahanumanthrao@wellsfargo.com
Anilkumar.Palahanumanthrao at wellsfargo.com
Fri Oct 7 12:06:30 EDT 2016
Todd,
So are you saying, this is not Red Hat Linux, but FoxT Linux ?
Thanks,
Anil Rao
From: Todd Grayson [mailto:tgrayson at cloudera.com]
Sent: Friday, October 07, 2016 10:58 AM
To: Pala hanumanth rao, Anil kumar
Cc: Robbie Harwood; kerberos at MIT.EDU
Subject: Re: Kerberos Authentication Support help
Anil
You are not using MIT Kerberos, it appears your organization installed this product listed below at some point
https://en.wikipedia.org/wiki/FoxT_ServerControl
It would be best to be contacting their support organization for assistance with their BOKS product suite.
The Open source implementation allows that command, it might be that a policy is missing or needs to be updated to allow this in the FoxT software?
http://www.foxt.com/boks-servercontrol/
On Fri, Oct 7, 2016 at 8:44 AM, <Anilkumar.Palahanumanthrao at wellsfargo.com<mailto:Anilkumar.Palahanumanthrao at wellsfargo.com>> wrote:
Please see below.
Also echo "password" | /opt/boksm/bin/kinit userid is prompting for password, which I is not expected. I want the command to take password and login directly. Can you help ?
$ which kinit
/opt/boksm/bin/kinit
$
$ which klist
/opt/boksm/bin/klist
$ cd /opt/boksm/bin/
$ clear
$ ls -lrt
total 29092
-rwxr-xr-x 1 root root 785 May 7 2013 telnet
drwxr-xr-x 2 root root 4096 May 7 2013 X11
-rwsr-xr-x 1 root root 2100256 May 7 2013 ssh-keysign
-rwxr-xr-x 1 root root 1961056 May 7 2013 ssh-keygen
-rwxr-xr-x 1 root root 1873440 May 7 2013 ssh-agent
-rwxr-xr-x 1 root root 1903552 May 7 2013 ssh-add
-rwxr-xr-x 1 root root 144536 May 7 2013 sftp
-rwxr-xr-x 1 root root 128192 May 7 2013 scp
-rwsr-xr-x 1 root root 2048416 May 7 2013 sshpkadm
-rwsr-xr-x 1 root root 1191160 May 7 2013 swrole
-rwsr-xr-x 1 root root 102624 May 7 2013 rolelist
-rwsr-xr-x 1 root root 320000 May 7 2013 pvi
-rwxr-xr-x 1 root root 2764040 May 7 2013 klist
-rwxr-xr-x 1 root root 2729160 May 7 2013 kinit
-rwxr-xr-x 1 root root 2603176 May 7 2013 kgetcred
-rwxr-xr-x 1 root root 2570184 May 7 2013 kdestroy
-rwxr-xr-x 1 root root 4215848 Oct 16 2013 ssh
-rwsr-xr-x 1 root root 3071992 Mar 5 2014 suexec
-rwxr-xr-x 1 root root 4035 Jul 29 2015 sudo
-rwxr-xr-x 1 root root 5726 Jul 29 2015 pbrun
-rwxr-xr-x 1 root root 5522 Jul 29 2015 bksu
From: Todd Grayson [mailto:tgrayson at cloudera.com<mailto:tgrayson at cloudera.com>]
Sent: Thursday, October 06, 2016 3:55 PM
To: Robbie Harwood
Cc: Pala hanumanth rao, Anil kumar; kerberos at MIT.EDU<mailto:kerberos at MIT.EDU>
Subject: Re: Kerberos Authentication Support help
Anil,
This is not really "support" more than a community discussion list (for your information).
Do a 'which kinit' to verify your proper path to the kinit command on the distro you are on...
This works, but realize the path /opt/boksm/bin/kinit is not valid (by default) on linux...
for example:
[12:50 root at admin1 ~] > which kinit
kinit is /usr/bin/kinit
[12:50 root at admin1 ~] > kdestroy
[12:50 root at admin1 ~] > klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
[12:50 root at admin1 ~] > echo "Password1" | /usr/bin/kinit tgrayson at AD.EXAMPLE.COM<mailto:tgrayson at AD.EXAMPLE.COM>
Password for tgrayson at AD.EXAMPLE.COM<mailto:tgrayson at AD.EXAMPLE.COM>:
[12:50 root at admin1 ~] > klist -ef
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: tgrayson at AD.EXAMPLE.COM<http://AD.EXAMPLE.COM>
Valid starting Expires Service principal
10/06/16 12:50:40 10/06/16 22:51:32 krbtgt/AD.EXAMPLE.COM<http://AD.EXAMPLE.COM>@AD.EXAMPLE.COM<http://AD.EXAMPLE.COM>
renew until 10/13/16 12:50:40, Flags: FRIA
Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
On Thu, Oct 6, 2016 at 1:39 PM, Robbie Harwood <rharwood at redhat.com<mailto:rharwood at redhat.com>> wrote:
Anilkumar.Palahanumanthrao at wellsfargo.com<mailto:Anilkumar.Palahanumanthrao at wellsfargo.com> writes:
> Dear Support,
>
> We are using Kerberos Authentication in the past on AIX with the below command and it worked fine.
> echo "password" | /opt/boksm/bin/kinit userid
>
> We recently migrated from AIX to Linux, and when we gave the above
> commands,it is asking for password in interactive mode.
>
> userid 's Password:
>
> We would like to pass the password dynamically, please help.
Is this MIT's krb5 or Heimdal's? What version?
________________________________________________
Kerberos mailing list Kerberos at mit.edu<mailto:Kerberos at mit.edu>
https://mailman.mit.edu/mailman/listinfo/kerberos
--
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
[http://files.cloudera.com.s3.amazonaws.com/New%20Branding/cloudera-small.png]
--
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
[http://files.cloudera.com.s3.amazonaws.com/New%20Branding/cloudera-small.png]
More information about the Kerberos
mailing list