Kerberos Authentication Support help

Todd Grayson tgrayson at cloudera.com
Fri Oct 7 10:58:07 EDT 2016


Anil

You are not using MIT Kerberos, it appears your organization installed this
product listed below at some point

https://en.wikipedia.org/wiki/FoxT_ServerControl

It would be best to be contacting their support organization for assistance
with their BOKS product suite.

The Open source implementation allows that command, it might be that a
policy is missing or needs to be updated to allow this in the FoxT software?

http://www.foxt.com/boks-servercontrol/

On Fri, Oct 7, 2016 at 8:44 AM, <Anilkumar.Palahanumanthrao at wellsfargo.com>
wrote:

> Please see below.
>
>
>
> Also echo "password" | /opt/boksm/bin/kinit userid is prompting for
> password, which I is not expected. I want the command to take  password and
> login directly. Can you help ?
>
>
>
> $ which kinit
>
> /opt/boksm/bin/kinit
>
> $
>
> $ which klist
>
> /opt/boksm/bin/klist
>
> $ cd /opt/boksm/bin/
>
> $ clear
>
> $ ls -lrt
>
> total 29092
>
> -rwxr-xr-x 1 root root     785 May  7  2013 telnet
>
> drwxr-xr-x 2 root root    4096 May  7  2013 X11
>
> -rwsr-xr-x 1 root root 2100256 May  7  2013 ssh-keysign
>
> -rwxr-xr-x 1 root root 1961056 May  7  2013 ssh-keygen
>
> -rwxr-xr-x 1 root root 1873440 May  7  2013 ssh-agent
>
> -rwxr-xr-x 1 root root 1903552 May  7  2013 ssh-add
>
> -rwxr-xr-x 1 root root  144536 May  7  2013 sftp
>
> -rwxr-xr-x 1 root root  128192 May  7  2013 scp
>
> -rwsr-xr-x 1 root root 2048416 May  7  2013 sshpkadm
>
> -rwsr-xr-x 1 root root 1191160 May  7  2013 swrole
>
> -rwsr-xr-x 1 root root  102624 May  7  2013 rolelist
>
> -rwsr-xr-x 1 root root  320000 May  7  2013 pvi
>
> -rwxr-xr-x 1 root root 2764040 May  7  2013 klist
>
> -rwxr-xr-x 1 root root 2729160 May  7  2013 kinit
>
> -rwxr-xr-x 1 root root 2603176 May  7  2013 kgetcred
>
> -rwxr-xr-x 1 root root 2570184 May  7  2013 kdestroy
>
> -rwxr-xr-x 1 root root 4215848 Oct 16  2013 ssh
>
> -rwsr-xr-x 1 root root 3071992 Mar  5  2014 suexec
>
> -rwxr-xr-x 1 root root    4035 Jul 29  2015 sudo
>
> -rwxr-xr-x 1 root root    5726 Jul 29  2015 pbrun
>
> -rwxr-xr-x 1 root root    5522 Jul 29  2015 bksu
>
>
>
> *From:* Todd Grayson [mailto:tgrayson at cloudera.com]
> *Sent:* Thursday, October 06, 2016 3:55 PM
> *To:* Robbie Harwood
> *Cc:* Pala hanumanth rao, Anil kumar; kerberos at MIT.EDU
> *Subject:* Re: Kerberos Authentication Support help
>
>
>
> Anil,
>
>
>
> This is not really "support" more than a community discussion list (for
> your information).
>
>
>
> Do a 'which kinit' to verify your proper path to the kinit command on the
> distro you are on...
>
>
>
> This works, but realize the path /opt/boksm/bin/kinit is not valid (by
> default) on linux...
>
>
>
> for example:
>
>
>
> [12:50 root at admin1 ~] > which kinit
>
> kinit is /usr/bin/kinit
>
> [12:50 root at admin1 ~] > kdestroy
>
> [12:50 root at admin1 ~] > klist
>
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
>
> [12:50 root at admin1 ~] > echo "Password1" | /usr/bin/kinit
> tgrayson at AD.EXAMPLE.COM
>
> Password for tgrayson at AD.EXAMPLE.COM:
>
> [12:50 root at admin1 ~] > klist -ef
>
> Ticket cache: FILE:/tmp/krb5cc_0
>
> Default principal: tgrayson at AD.EXAMPLE.COM
>
>
>
> Valid starting     Expires            Service principal
>
> 10/06/16 12:50:40  10/06/16 22:51:32  krbtgt/AD.EXAMPLE.COM at AD.EXAMPLE.COM
>
>                 renew until 10/13/16 12:50:40, Flags: FRIA
>
>                 Etype (skey, tkt): aes256-cts-hmac-sha1-96,
> aes256-cts-hmac-sha1-96
>
>
>
> On Thu, Oct 6, 2016 at 1:39 PM, Robbie Harwood <rharwood at redhat.com>
> wrote:
>
> Anilkumar.Palahanumanthrao at wellsfargo.com writes:
>
> > Dear Support,
> >
> > We are using Kerberos Authentication in the past on AIX with the below
> command and it worked fine.
> > echo "password" | /opt/boksm/bin/kinit userid
> >
> > We recently migrated from AIX to Linux, and when we gave the above
> > commands,it is asking for password in interactive mode.
> >
> > userid 's Password:
> >
> > We would like to pass the password dynamically, please help.
>
> Is this MIT's krb5 or Heimdal's?  What version?
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
>
>
>
> --
>
> Todd Grayson
>
> Business Operations Manager
>
> Customer Operations Engineering
>
> Security SME
>
>


-- 
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME


More information about the Kerberos mailing list