[33362] in Kerberos
sudo with kerberos
daemon@ATHENA.MIT.EDU (Ubaid Rahman)
Tue May 3 15:00:28 2011
From: Ubaid Rahman <ubaid.u.rahman@gsk.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Tue, 3 May 2011 14:00:07 -0500
Message-ID: <1DFE27698BBA1B49B6A8C6B7F7E37253C48DC7C140@019D-NAMSG-01.019D.MGD.MSFT.NET>
In-Reply-To: <mailman.587.1304438727.4397.kerberos@mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Got it to work!
Had to disable tgt_verify option in the methods.cfg file to let sudo, su, telnet and ftp work!!!
Ubaid Rahman
Senior AIX Administrator
SCS C&ES Infrastructure
Admin 1 # 146E
Ph # *.703.2817 (internal) or 919.483.2817 (external)
# 919.314.7177 (cell)
-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of kerberos-request@mit.edu
Sent: Tuesday, May 03, 2011 12:05 PM
To: kerberos@mit.edu
Subject: Kerberos Digest, Vol 101, Issue 3
Send Kerberos mailing list submissions to
kerberos@mit.edu
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.mit.edu/mailman/listinfo/kerberos
or, via email, send a message with subject or body 'help' to
kerberos-request@mit.edu
You can reach the person managing the list at
kerberos-owner@mit.edu
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Kerberos digest..."
Today's Topics:
1. cross realm trust (aydin)
2. sudo with kerberos (Ubaid Rahman)
----------------------------------------------------------------------
Message: 1
Date: Mon, 02 May 2011 16:38:31 +0300
From: aydin <aydin@prosoft.com.tr>
Subject: cross realm trust
To: "kerberos@mit.edu" <kerberos@mit.edu>
Message-ID: <4DBEB3D7.7070005@prosoft.com.tr>
Content-Type: text/plain; charset=ISO-8859-9; format=flowed
Hi all,
I am trying to setup a cross realm authentication between microsoft and mit kerberos
running on rhel.
Mit kerberos realm is going to trust to ms realm.
Both kdc'a are running fine in their own realms.
We have set up principals on both kdc's.
krbtgt/mit.realm@ms.realm
A windows client tries to open an ssh connection to a linux system.
Windows client asks krbtgt/mit.realm@ms.realm ticket to its own kdc and
gets the ticket.
This is the point that i get confused and need your help.
Ms client than requests host/sshserver.mit.realm.
As far as I know first both kdc's has to share krbtgt ticket to establish a trust
relation first.
Does anyone knows how this should work.
Regards,
Aydin
------------------------------
Message: 2
Date: Mon, 2 May 2011 14:27:23 -0500
From: Ubaid Rahman <ubaid.u.rahman@gsk.com>
Subject: sudo with kerberos
To: "kerberos@mit.edu" <kerberos@MIT.EDU>
Message-ID:
<1DFE27698BBA1B49B6A8C6B7F7E37253C48DC7BB09@019D-NAMSG-01.019D.MGD.MSFT.NET>
Content-Type: text/plain; charset="us-ascii"
Hi
I am trying to configure sudo to use Kerberos authentication in an AIX(6.1) environment, so far hadn't had any luck. Can anyone with a similar environment help?
Ubaid Rahman
Senior AIX Administrator
SCS C&ES Infrastructure
Admin 1 # 146E
Ph # *.703.2817 (internal) or 919.483.2817 (external)
# 919.314.7177 (cell)
------------------------------
_______________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
End of Kerberos Digest, Vol 101, Issue 3
****************************************
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
