Kerberos Authentication Support help

Anilkumar.Palahanumanthrao@wellsfargo.com Anilkumar.Palahanumanthrao at wellsfargo.com
Fri Oct 7 12:06:30 EDT 2016 

Todd,

So are you saying, this is not Red Hat Linux, but FoxT Linux ?

Thanks,
Anil Rao

From: Todd Grayson [mailto:tgrayson at cloudera.com]
Sent: Friday, October 07, 2016 10:58 AM
To: Pala hanumanth rao, Anil kumar
Cc: Robbie Harwood; kerberos at MIT.EDU
Subject: Re: Kerberos Authentication Support help

Anil

You are not using MIT Kerberos, it appears your organization installed this product listed below at some point

https://en.wikipedia.org/wiki/FoxT_ServerControl

It would be best to be contacting their support organization for assistance with their BOKS product suite.

The Open source implementation allows that command, it might be that a policy is missing or needs to be updated to allow this in the FoxT software?

http://www.foxt.com/boks-servercontrol/

On Fri, Oct 7, 2016 at 8:44 AM, <Anilkumar.Palahanumanthrao at wellsfargo.com<mailto:Anilkumar.Palahanumanthrao at wellsfargo.com>> wrote:
Please see below.

Also echo "password" | /opt/boksm/bin/kinit userid is prompting for password, which I is not expected. I want the command to take  password and login directly. Can you help ?

$ which kinit
/opt/boksm/bin/kinit
$
$ which klist
/opt/boksm/bin/klist
$ cd /opt/boksm/bin/
$ clear
$ ls -lrt
total 29092
-rwxr-xr-x 1 root root     785 May  7  2013 telnet
drwxr-xr-x 2 root root    4096 May  7  2013 X11
-rwsr-xr-x 1 root root 2100256 May  7  2013 ssh-keysign
-rwxr-xr-x 1 root root 1961056 May  7  2013 ssh-keygen
-rwxr-xr-x 1 root root 1873440 May  7  2013 ssh-agent
-rwxr-xr-x 1 root root 1903552 May  7  2013 ssh-add
-rwxr-xr-x 1 root root  144536 May  7  2013 sftp
-rwxr-xr-x 1 root root  128192 May  7  2013 scp
-rwsr-xr-x 1 root root 2048416 May  7  2013 sshpkadm
-rwsr-xr-x 1 root root 1191160 May  7  2013 swrole
-rwsr-xr-x 1 root root  102624 May  7  2013 rolelist
-rwsr-xr-x 1 root root  320000 May  7  2013 pvi
-rwxr-xr-x 1 root root 2764040 May  7  2013 klist
-rwxr-xr-x 1 root root 2729160 May  7  2013 kinit
-rwxr-xr-x 1 root root 2603176 May  7  2013 kgetcred
-rwxr-xr-x 1 root root 2570184 May  7  2013 kdestroy
-rwxr-xr-x 1 root root 4215848 Oct 16  2013 ssh
-rwsr-xr-x 1 root root 3071992 Mar  5  2014 suexec
-rwxr-xr-x 1 root root    4035 Jul 29  2015 sudo
-rwxr-xr-x 1 root root    5726 Jul 29  2015 pbrun
-rwxr-xr-x 1 root root    5522 Jul 29  2015 bksu

From: Todd Grayson [mailto:tgrayson at cloudera.com<mailto:tgrayson at cloudera.com>]
Sent: Thursday, October 06, 2016 3:55 PM
To: Robbie Harwood
Cc: Pala hanumanth rao, Anil kumar; kerberos at MIT.EDU<mailto:kerberos at MIT.EDU>
Subject: Re: Kerberos Authentication Support help

Anil,

This is not really "support" more than a community discussion list (for your information).

Do a 'which kinit' to verify your proper path to the kinit command on the distro you are on...

This works, but realize the path /opt/boksm/bin/kinit is not valid (by default) on linux...

for example:

[12:50 root at admin1 ~] > which kinit
kinit is /usr/bin/kinit
[12:50 root at admin1 ~] > kdestroy
[12:50 root at admin1 ~] > klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
[12:50 root at admin1 ~] > echo "Password1" | /usr/bin/kinit tgrayson at AD.EXAMPLE.COM<mailto:tgrayson at AD.EXAMPLE.COM>
Password for tgrayson at AD.EXAMPLE.COM<mailto:tgrayson at AD.EXAMPLE.COM>:
[12:50 root at admin1 ~] > klist -ef
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: tgrayson at AD.EXAMPLE.COM<http://AD.EXAMPLE.COM>

Valid starting     Expires            Service principal
10/06/16 12:50:40  10/06/16 22:51:32  krbtgt/AD.EXAMPLE.COM<http://AD.EXAMPLE.COM>@AD.EXAMPLE.COM<http://AD.EXAMPLE.COM>
                renew until 10/13/16 12:50:40, Flags: FRIA
                Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96

On Thu, Oct 6, 2016 at 1:39 PM, Robbie Harwood <rharwood at redhat.com<mailto:rharwood at redhat.com>> wrote:
Anilkumar.Palahanumanthrao at wellsfargo.com<mailto:Anilkumar.Palahanumanthrao at wellsfargo.com> writes:

> Dear Support,
>
> We are using Kerberos Authentication in the past on AIX with the below command and it worked fine.
> echo "password" | /opt/boksm/bin/kinit userid
>
> We recently migrated from AIX to Linux, and when we gave the above
> commands,it is asking for password in interactive mode.
>
> userid 's Password:
>
> We would like to pass the password dynamically, please help.

Is this MIT's krb5 or Heimdal's?  What version?

________________________________________________
Kerberos mailing list           Kerberos at mit.edu<mailto:Kerberos at mit.edu>
https://mailman.mit.edu/mailman/listinfo/kerberos



--
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
[http://files.cloudera.com.s3.amazonaws.com/New%20Branding/cloudera-small.png]



--
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
[http://files.cloudera.com.s3.amazonaws.com/New%20Branding/cloudera-small.png]

More information about the Kerberos mailing list