Security :: SuSe Authentication Failed After Installation Of Kerberos

Jun 3, 2010

I have installed keberos on my suse machine, but after installation now I am not able to login in it even with the root password. I search over the internet but could not find the solution. What to do now and how to configure Kerberos on a local machine with only local users authentication. I mean client and server both are on the same machine.

View 2 Replies


ADVERTISEMENT

Security :: Dovecot User Authentication Failed

Jun 23, 2010

Im using CenOs 5 and have install a mail system(postfix+dovecot),when I trying to enable selinux for enforcing mode and i'm have some issue, the user authentication failed. How can i to fix this problem?

View 2 Replies View Related

Security :: Failed SSH Authentication With Radius Server

Jan 26, 2011

I have intalled RADIUS server on one machine which has fedora 10. I have installed freeradius-server-2.1.10 on it(server machine IP 10.150.110.42).

I have one more machine with redhat linux on which i have installed pam_radius-1.3.17(client machine IP 10.150.113.4).

I have done the follwoing configuration at both sides

SERVER SIDE.

users file
"vijay" Auth-Type := Local, Cleartext-Password == "123qwe", NAS-IP-Address == "10.150.113.4"
Reply-Message = "Hello, %u"

[Code]....

Above mentioned is my configuration. when i try to connect client with SSH it is not sending a request for authenticating user to RADIUS server. what else configuration i have to do, or if there are any mistakes in my configuration

View 2 Replies View Related

Fedora Security :: Dovecot User Authentication Failed With Selinux

Jun 24, 2010

I'm using FC8 and have installed a mailserver(postfix+dovecot),when I trying to enable the selinux mode to enforcing and i'm have some issue, the user authentication failed.if turn the selinux mode to permissive, then it work right.How can i to fix this problem?

View 14 Replies View Related

Software :: SSH With Kerberos Authentication?

Jun 15, 2011

I am looking for some links to configure kerberos authentication for ssh.I did tried google-ing it, but could not found any good link to go ahead with it.

View 1 Replies View Related

Server :: SSH Not Working With Kerberos Authentication?

Jun 16, 2011

Pretty much as described in the thread title. I'm running RHEL6 on both the server and the client.I followed Red Hat's own instructions to set the kdc upI have a user called krb, that has been added to the KDC and I can get a ticket from the KDC, by using

Code:
kinit -p krb
If I then try to log in to the KDC, from the KDC, with

[code]...

View 4 Replies View Related

Fedora :: Kerberos Authentication Fails At Boot?

Sep 9, 2010

I recently upgraded my video card from a GeForce4 MX 440 AGP 8X to a GeForce FX 5500 AGP 8X. After that my 1360x768 monitor was stuck on a 1024x768 resolution. I ran system-config-display and under Hardware tab I changed the monitor setting from "Generic LCD Screen" to "1360x768 LCD Screen" with the acknowledgment that /etc/X11/xorg.conf file was been modified. After reboot the boot process stuck on:tarting kojid: Kerberos authentication failed. "Resource temporary unavailable" (11) [FAILED]I tried that with both 2.6.34.6-54 and 2.6.34.6-47 kernels available on my system.I use the latest KDE version available for Fedora.

View 1 Replies View Related

Server :: Possible To Use Kerberos For Samba Authentication Without A Domain?

Oct 14, 2010

I have a samba server for company file shares but we do not use domain services or active directory service. Each workstation is its own standalone system. (And we want to keep it this way.) I would like to have some centralized authentication though, and it looks like Kerberos will provide that. After a lot of searching though, I can't find any instructions for setting up samba to authenticate users using kerberos without an ADS (active directory service) or domain. Is this possible?

View 1 Replies View Related

CentOS 5 :: Kerberos Authentication To Active Directory?

Apr 15, 2009

I've configured kerberos authentication on my centos 5.2 box. When I kinit with a username in AD and not on the centos box, I get a TGT. However, I cannot log into the centos box as any of the AD users. This is probably a stupid question but do I also need to create the account's on the centos box that I have in AD? If so, does that mean i can then use pam to authenticate users on my cyrus imap process running on the centos box?

View 2 Replies View Related

CentOS 5 :: Samba Authentication Using Kerberos Cannot Add To The AD Machine

Feb 25, 2011

I have the following version of centos,kerbose and samba (Samba version 3.0.33-3.29.el5_5.1, krb5-libs-1.6.1-36.el5_5.5 , krb5-workstation-1.6.1-36.el5_5.5 , centos-release-5-5.el5.centos) i have configured it and qhw i givit give me the following error Failed to set password for machine account NT_STATUS_ACCESS_DENIED) Failed to join domain: Access denied

[Code]...

View 10 Replies View Related

Fedora Installation :: LDAP - NIS - Kerberos - Add Mint Machines To Server To Use New Security Settings

Dec 10, 2009

I wish to setup a network that works like windows but for with lunix of course!. It will need to be able to handle security/DNS/DHCP & Document store from one location. I've been doing some reading and have found that I think I need to be using one of the following:

LDAP
NIS
Kerberos

I have looked at a few Linux based OS's. I did notice that when you install fedora live desktop it gives you the option to connect to one of the above. So I am looking for a complete solution.

1. How to setup fedora to act as server for my needs (or other Linux build)

2. Add fedora/linux mint machines to server to use new security settings. (or other linux build)

View 3 Replies View Related

Ubuntu Networking :: Kerberos Authentication For CUPS Server?

Apr 14, 2010

So I was trying to configure my CUPS server and checked the box marked "Use Kerberos Authentication." Now, I cannot change anything and get an unauthorized error every time I try. How can I remove Kerberos? I have access to the local computer as root and can use sudo.

View 2 Replies View Related

Software :: Kerberos Authentication For Telnet Asks For Password?

Jun 8, 2011

I have set up my KDC and telnet in the same server.

I am trying to telnet from a local PC . This is the output I am getting ..

[sudip@kdcclient root]$ telnet -a -F -x kdc
Trying 192.168.1.3...
Connected to kdc.example.local (192.168.1.3).
Escape character is '^]'.

[Code]....

So why it is asking for password ? What I am missing here ?

View 3 Replies View Related

CentOS 5 Networking :: Kerberos Authentication Broken After Upgrade To 5.5?

May 18, 2010

I had a working client installation with CentOS 5.4, using kerberos and PAM to authenticate. After an upgrade to 5.5, logins for users are no longer possible. Instead I get this:

/var/log/messages: gdm: Couldn't set acct. mgmt for <user> /var/log/secure: gdm: pam_krb5: authentication fails for '<user>': (<user@domain>): Authentication failure (Cannot read password) gdm: pam_krb5: account checks fail for '<user>': unknown reason -1765328254 (Cannot read password) gdm: pam:krb5: User not known to the underlying authentication module (Client not found in Kerberos database) "kinit <user>" still works as expected, and <user> has no problems logging in from other types of clients. Something kerberos-related apparently broke in CentOS 5.5,

View 2 Replies View Related

Security :: Users Subverting Security On Purpose / Kerberos Only Answer?

May 12, 2010

I have an environment with multiple projects that have a variety of government and commercial sponsors. We have been satisfied to this point with a netapp serving nfs/cifs and keeping a tight reign on nfs exports.Some of these projects have started asking us to provide access restricted sub-folders of the project space based on different groups that contain a user subset of the primary group.

We have a linux machine that serves as a version control front end to the netapp, mounting the project spaces via nfs. People are now mounting their project space via sshfs to this "front end" and sharing the root password of this sshfs client with everyone in their project, in turn creating a security hole to access the so called restricted sub-folders. I know all the obligatory responses referring to irresponsible user behavior but would like to see how others have addressed something like this where user behavior seems out of control.

View 12 Replies View Related

Server :: Kerberos - "Failed To Join Domain: Failed To Connect To AD: KDC Has No Support For Encryption Type"

Mar 2, 2011

I am running Red Hat Enterprise Server 6.0 I am having issues getting kerberos configured as a client to join a domain. Im getting below error message. "Failed to join domain: failed to connect to AD: KDC has no support for encryption type"

View 9 Replies View Related

Ubuntu Installation :: Log On Failed After Upgrade/install "authentication Failed"

May 20, 2010

I've been using Ubuntu since 6.04, not a linux guru by any means but can usually get myself out of trouble.

So, the issue... I installed 8.04 on my mother's laptop some time back as she was having trouble keeping Win 2000 running (she has a low spec no-name generic laptop btw). I live in Autsralia and she in England, i thought i could better support her if she was running Ubuntu... All has been well with 8.04 but with the new LTS release (10.04) i thought i'd talk her through the upgrade... Did the online upgrade via Update Manager, all seemed to go OK but when she went to log on after restart she got an error saying 'authentication failed' even though we are 100% sure we have the user name and password correct... Tried to do a ctrl+alt+F1 to by pass the GUI log on but couldn't get the terminal session to open up, just got a black screen - no command prompt.

So... thought OK re-install... downloaded the ISO, burned and sent her a CD in the post... talked her through the re-install, all seemed to go well (again) - BUT, after restart, couldn't log in "authentication failed" again...

So, remember i'm trying to talk a novice through all this... any thoughts!?!

If i can get her to log in i can then support her via some kind of remote sesion or other screen share... and it wont cost me a small fortune in international calls!!! But if i can't get a log in, i'm dead in the water!?

View 1 Replies View Related

Debian :: Way To Make Su Repeat Authentication Rather Then Just Returning Authentication Failed

Apr 1, 2016

If I am running a script, let's say a install script. Is there a way to make Su repeat authentication rather then just returning "Authentication failed" and continuing the script?

View 3 Replies View Related

OpenSUSE Install :: Authentication Failed - During The OS Installation

Jun 3, 2010

I wanted to install it on a secondary computer in my house for web browsing and little-to-nothing more.

How can I fix or get around the error 'Authentication failed' when attempting to login?

I just installed openSUSE. The installation seemed to go well. After installation, everything loaded up and I was using the OS with no problems.

I restarted the computer to change my boot sequence in the BIOS. Then I got to the openSUSE login screen. I was presented with three options:

1. my username - When I enter in the password I specified during the OS installation it says "Authentication failure"

2. Automatic Login - just says "Permission denied"

3. Other... - Nothing seems to work here

How can I login?

View 8 Replies View Related

OpenSUSE :: Skype Installation Says: Failed To Obtain Authentication?

Feb 19, 2011

i seem to encounter lots of little troubles here and there... just need to get used to it.

now i`ve downloaded skype for opensuse and when i dbl click on it, it says: "you have failed to provide correct authentication please check any password or account settings" but it doesnt ask me anything before the error..

View 3 Replies View Related

Ubuntu Security :: Configure SSH Key-based Authentication And SSH Password Authentication In Same Machine For Different User?

Jan 10, 2010

I want to configure SSH key-based authentication and SSH password Authentication in same machine for different user .

View 1 Replies View Related

Security :: Make A Choice On What Authentication Protocol To Use For Authentication And Authorization?

Jan 17, 2011

I need to make a choice on what authentication protocol I want to use for Authentication and Authorization. I was looking at Radius and then literature suggested that Diameter was a better protocol. Keep in mind I need this on a hetrogeneous setup ( linux & windows together). Diameter seemed like a good fit until I discovered that the open source code no longer seems to be maintained ( C/C++).

I was also looking at Kerberos as an option though there is alot overhead with the server. SSL/TLS or EAP? I am looking for simple but secure and am new at the security protocols.

View 2 Replies View Related

Security :: Kerberos Versus LDAP SSL

Apr 21, 2011

I am integrating my Unix box to the Windows AD using PAM_LDAP and Kerberos enabled. I was wondering, since Kerberos is enabled is there any point to enable SSL on my LDAP.conf? My understanding is that since Kerberos is enabled, therefore the username/password is sent securely there isn't any benefit of enabling SSL on the LDAP.conf? It's one of or another.

View 1 Replies View Related

Security :: Secure Samba Server With Kerberos?

Jul 17, 2010

Is it possible to secure samba server with kerberos? I want to know whether we can use kerberos authentication to secure samba user name and password so that mo one can sniff that information. configuration or any URL link from I can get the exact configuration.

View 1 Replies View Related

Ubuntu Security :: Gnome-keyring-daemon And Kerberos

Jul 12, 2010

I have Ubuntu 10.04 configured to login with Kerberos (as in [url]). Everything works fine, except gnome-keyring-daemon:

-If I login with a local user, gnome-keyring-daemon works right. Besides, the keyring is automatically unlocked with the login password.

-If I login with a Kerberos user:

- The session startup is considerably slower.

- /var/log/auth.log says something like:

Code:

- If I execute a program that needs the gnome-keyring (like Evolution), is desperately slow, and it says:

Code:

Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

- If I kill all gnome-keyring-daemon (killall gnome-keyring-daemon), start a new one (gnome-keyring-daemon), and restart the application that uses the gnome-keyring, it works fine, but it ask me for the password to unlock the keyring (I think that this is the normal behaviour if gnome-keyring-daemon did not start before).

I have seen the configurations in /etc/pam.d and everything looks fine (with pam_gnome_keyring.so). Indeed, I think that if something was wrong here, the local user would not have the keyring unlocked automatically.

View 1 Replies View Related

Ubuntu Security :: [SSH] Gssapi-with-mic Password-less Kerberos Login?

May 13, 2011

I'm trying to login to a server using gssapi-with-mic authentication against one of my school's machines that supports this mode of authentication. I have these kerberos packages installed:

batrick@menzoberranzan:~$ dpkg -l | grep krb
ii krb5-config 2.2 Configuration files for Kerberos Version 5

[code]....

View 1 Replies View Related

Security :: Permitting Users To Ssh With Out Typing Their Passwords Via Kerberos?

May 24, 2010

Is there a way to use kerberos (or baring that a trusted CA) to allow users to ssh across machines in an environment isntead of having to manage the hash keys per user/server? I'm using kerberos+ldap to log folks in and get their settings but I'd like to take it a step further. I've been reading a lot but still can't quite get it all to come together.

Do I need to create a SPN for each host to do this? Sorry if I am asking a dumb question, I am returning to the *nix fold after a decade+ in the Microsoft world, be gentle with me.

View 3 Replies View Related

Fedora Security :: Can't Forward My Kerberos Credentials To A Computing Resource

Aug 23, 2011

I can't forward my kerberos credentials to a computing resource before connecting to the resource for which I have kerberos credentials. In other words, from my machine at work I obtain my ticket with kinit -f to a computing facility off in some lab somewhere.

Then, I want to ssh to another machine in another department (I don't have control over the krb5.conf file or this would have been easy) where I work. It is on this machine I want to be able to ssh,scp, etc to this far off lab. I've tried several options around this barrier, but I'm a total failure thus far. I checked that GSSAPIAuthentication is set to yes.

[Code]...

View 2 Replies View Related

Ubuntu Security :: SSH To Server Using GSSAPI/Kerberos Prompts For Password When Using DNS Alias?

Jan 15, 2010

I have a Kerberos/LDAP/OpenAFS server running on Debian lenny, set up according to Davor Ocelic's excellent guide here (url). SSHd has ben configured to use GSSAPI auth and the clients have been configured to pass auth tokens through to the server.

My clients are all Ubuntu 9.10 x86 fully patched. On the clients, OpenAFS has been compiled and installed as a kernel module and git 1.6.6 has been compiled from source and installed. Otherwise, all software is stock Ubuntu repository-ware.

The setup is working fine as long as I connect to the primary server using its hostname:

peter@client01:~$ ssh nana
<connection goes through seamlessly without prompting>
peter@nana:~$

If I try to connect via a DNS alias (actually a second CNAME record), I get:

peter@client01:~$ ssh git1
peter@git1's password:
<connection completes>
peter@nana:~$

I need both passwordless auth and the DNS alias working, as it's internal policy that user connections are only ever made to service names, not real hostnames.

I have tried adding a second host principal to Kerberos for the alias (git1.darling.local) in addition to the host principal for the hostname (nana.darling.local).

If I turn off PasswordAuthentication in sshd_config, then "ssh git1" doesn't even fall through to passwords; it just denies logins. So it looks like it's not even using GSSAPI for the DNS alias.

So:

1) Is what I want even possible? I can't find anything that indicates that there's anything odd about DNS aliases such that this should happen.

2) Which config files should I post to help debug this? There's a lot and I didn't want to start blarfing them here if they aren't helpful.

View 1 Replies View Related

Security :: Setup A Kerberos + OpenLDAP Server To Manage Users For Our Samba Shares

Feb 13, 2011

Trying to setup a Kerberos + OpenLDAP server to manage users for our Samba shares (was going to use just OpenLDAP, but apparently it is less secure than using Kerberos with it). (Distro: CentOS 5.5) Haven't even gotten to the point of connecting either to Samba yet. I have set up a Kerberos server, and configured it as necessary. I am happy that it is working as intended, as I can login and manage principals from both the local terminal and remotely on other clients.

I have setup a server (sv1.myhost.net), and configured it to talk to Kerberos (auth.myhost.net). I have created both a [URL] principal, and a testuser principal. I have set the password on the testuser but not on the host/sv1.myhost.net. I have added the keys for both users to the keytab file on the sv1.myhost.net. I am at a Windows 7 machine (on the same internal network), and have installed the Network Identity Manager. It is able to request a ticket successfully for the testuser account.

When I use putty w/GSSAPI (0.58) to remote login to the system, it says using 'testuser' and then just hangs there. Eventually putty connection times out. The fact that both machines can connect to the auth server to communicate with kerberos correctly suggests firewalls are correct. The relevant entries in sshd_config have been uncommented to tell srv1 to use Kerberos authentication.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved