Software :: Automatic Renewal Of Kerberos Tickets?
Mar 1, 2010
Over the last few weeks I have rapidly been coming up to speed with all things Kerberos and I'm pretty much sorted apart from one thing. On our Solaris machines I can use the 'ktkt_warnd' daemon to automatically renew user's tickets up to the maximum renewal time of the ticket.
However, I'm not sure how I do this on our Linux machines (Red Hat Enterprise 4). Does anyone know of a daemon for Linux that provides the same sort of functionality?
View 4 Replies
ADVERTISEMENT
Jan 9, 2011
I have an Internet connection with a Webstar cablemodem by Scientific-Atlanta Inc. DCP2100 series.I'm running an unstable distribution of Debian with the 2.6.32-5-amd64 kernel.I have installed JDownloader and works great, but I couldn't configure the reconnection features.What I need is a simple executable to run a script to change my IP adress, if possible. An specific tutorial could just be great for me to learn.And if you can't do this in linux as well as in XP, I'd really appreciate to inform me about it.
View 14 Replies
View Related
Jan 20, 2011
I just realized that since I reinstalled slackware on my laptop, the machine is not obtaining an IP from my router during the startup proccess like it used to do before.
Now I see something like:
Code:
dhcpcd: eth0: waiting for carrier
dhcpcd: eth0: timed out
dhcpcd: eth0: waiting 8 sec
and it fails. After I login in KDE, I need to manually renew (or acquire) an IP. Issuing the command
[Code]...
View 14 Replies
View Related
Apr 7, 2010
I am currently using vsftpd with ssl support.Currently when the certificate expires I have to generate a new certificate and distribute that new certificate among the clients.Ideally I would like automatic renewal of the certificate and that certificate to then be transferred to the client upon connection.
View 2 Replies
View Related
Aug 9, 2011
I just upgraded my Ubuntu Server from 10.04 to 11.04. I am having issues with the ethernet connection upon boot. The connection will blink slowly and not stay connected to the network. If I then unplug the ethernet from the switch and then replug it in, eth0 will get a steady connection, at which point I have to run the following command to get everything working.
Code:
sudo dhclient eth0
After running the command I have no issues with the ethernet connection.
lshw -C network
Code:
*-network:0
[Code]...
View 1 Replies
View Related
Jan 22, 2010
I am wondering, what are the merits of staying with an LTS release versus the renewal of the system by upgrading to a new release? Certainly, staying with an LTS release isn't going to be more or less dangerous than upgrading to a new release that specifically addresses security issues. With Lucid Lynx coming up this spring, should I try sticking it out until the LTS after Lynx, or keep upgrading regularly?
View 9 Replies
View Related
Jun 3, 2010
Ubuntu Jaunty Server connected via eth0 to a Billion residential ADSL router. I've locked the server MAC address to a specific IP in the router and set the DHCP renewal times to the longest possible times. For a certain number of days, the server will remain connected to the router, but then for some reason (the last time it was after about a month), the server loses it's connect and dumps into syslog the following:
Code:
Jun 2 17:10:15 defiant dhclient: DHCPREQUEST of 192.168.1.105 on eth0 to 192.168.1.254 port 67
Jun 2 17:11:26 defiant dhclient: last message repeated 5 times
[code]....
View 5 Replies
View Related
Jul 9, 2010
I am trying to open one site.When i open at home or internet cafe or at my friends place it opens properly but when i try to open it in my office i get this error and some other page opens "This domain is parked, pending renewal, or has expired.Please contact the domain provider with questions."
View 1 Replies
View Related
Aug 1, 2010
I'm running an up-to-date Fedora 12 machine with the Gnome desktop (meaning with Network Manager). My network connection is a wired ethernet to a switch which then connects to a Netgear router. For some reason, this machine can't renew its leases with DHCP, so NetworkManager deactivates eth0, taking my machine off the network. I have to click Network Manager and enable eth0, which seems to work every time.
How can I fix it? Here are the relevant bits from /var/log/messages showing a failed DHCP request and then the successful renewal.
Code:
Aug 1 04:00:08 ironton dhclient[12452]: DHCPREQUEST on eth0 to 192.168.1.1 port 67
Aug 1 04:00:08 ironton dhclient[12452]: DHCPNAK from 192.168.1.1
Aug 1 04:00:08 ironton NetworkManager[1261]: <info> (eth0): DHCPv4 state changed reboot -> expire
Aug 1 04:00:08 ironton NetworkManager[1261]: <info> (eth0): device state change: 8 -> 9 (reason 6)
Aug 1 04:00:08 ironton NetworkManager[1261]: <info> Marking connection 'System eth0' invalid because IP configuration expired.
[Code]...
View 5 Replies
View Related
Jun 27, 2011
I have Debian 4.0 installed and I want to set up Kerberos. If anybody knows how to set up.
View 2 Replies
View Related
Aug 3, 2010
I've my RHEL4u4 integrated with Active Directory.
I can logon to computer with username/passwd from AD.
But if I try to use ssh, is doesn't work
When I try to connect to the same computer using kerberos I receive this messages:
ssh -vv server.domain.com
....
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
[Code]....
and it tries to use publickey and finally, user/pass.
What do I've have do for using ssh and kerberos? I use samba for joining computer to AD. I tried it in ubuntu 8.04 and likewise-open and it works, but not in RH-Samba.
View 10 Replies
View Related
Jun 15, 2011
I am looking for some links to configure kerberos authentication for ssh.I did tried google-ing it, but could not found any good link to go ahead with it.
View 1 Replies
View Related
Feb 7, 2011
I've currently got Ubuntu server configured so that clients can login using LDAP user accounts that I've created using ldapadduser (from the ldapscripts package).
I've also got NFS exports working so that /home can be exported to clients. Kerberos authentication is enabled for NFS and clients require a nfs/clienthostname.domain principal to be able to mount the NFS share.
However, I now realise that for LDAP users to be able to access the mount they need their own Kerberos principal. If I run kinit dan@DANBISHOP.ORG then I can access /home/dan as user dan otherwise I get permission denied.
My question then is how best to proceed... is there a way to configure the client/server so that once a client has mounted the nfs share using Kerberos, all users can access it without their own principal?
It seems more usual to create kerberos principles for all users, but then how does one manage users? Using ldapscripts is very easy, but if the admin then has to manually create kerberos principals everytime, it could become very tedious. Furthermore how do users change their password if kerberos is used for authentication?
View 1 Replies
View Related
Aug 5, 2011
We have an employee that left our place of business on bad terms and his computer has been locked out since. The comp runs Ubuntu 10.10.
We have followed the regular password reset methods online but the Kerberos password seems to be getting in the way. We have no idea was this password is and it seems impossible to work around. Does anybody know a way?
Were were about to gain access as the root user but cannot access other user accounts as the root user.
View 1 Replies
View Related
Apr 21, 2011
I am integrating my Unix box to the Windows AD using PAM_LDAP and Kerberos enabled. I was wondering, since Kerberos is enabled is there any point to enable SSL on my LDAP.conf? My understanding is that since Kerberos is enabled, therefore the username/password is sent securely there isn't any benefit of enabling SSL on the LDAP.conf? It's one of or another.
View 1 Replies
View Related
Jan 14, 2011
I'm trying to configure SSH for accessing with kerberos. I try to configure a SSO. The computer is joined to Active Directory. I can access with the user/pass from AD (using samba/winbind), but if I try to connect using kerberos, the error:
Server not found in kerberos database. The server is CentOS 5.5, but also tried with RHEL 5.5.
Configuration
Domain: net
Realm: TEST.NET
User: usertom
Server ssh: testul0001.test.net
Client ssh: testul0001.test.net (connect to the same computer)
Domain controler: testgc01.test.net .....
View 8 Replies
View Related
Mar 24, 2011
Following the instructions listed here:[URL].. I have a machine set up to use Kerberos authentication for logins. The problem is, logins are now incredibly slow and any user from the AD fails to log in.Here's the output from the server in debug mode:
[Code]...
What I want to do is use a Windows AD with the UNIX extensions to control user logins on CentOS 5.5 servers. Previously I've used OpenLDAP and AD, but that was still two separate auth methods and I just want one.
View 5 Replies
View Related
Jun 16, 2011
Pretty much as described in the thread title. I'm running RHEL6 on both the server and the client.I followed Red Hat's own instructions to set the kdc upI have a user called krb, that has been added to the KDC and I can get a ticket from the KDC, by using
Code:
kinit -p krb
If I then try to log in to the KDC, from the KDC, with
[code]...
View 4 Replies
View Related
Apr 21, 2011
I am confused with the concept of Kerberos and LDAP SSL. I am in the midst of integrating my Unix box with the Active Directory hence the use of PAM_LDAP method. I understand that since it's non-secure transmission hence We use Kerberos to authenticate. If we already used kerberos to authenticate i.e. it means that the username/password is not transmitted in clear text. Why we still need LDAP SSL? What is the benefit?
View 3 Replies
View Related
Mar 10, 2009
I have an NIS server that is working well, and I want to use Kerberos to improve the overall security.I have already installed Kerberos client and server on two machines respectively.Currently the NIS server, Kerberos server, and KDC are running on the same box, and every box is in the same private network.I am having trouble logging in using the user account defined in Kerberos database. Here's /etc/krb5.conf on the client side:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
[code].....
View 1 Replies
View Related
Aug 3, 2010
I just took a job and the admin password for the AFS is missing. How do I find/reset this password? I have the root password for the machine it is installed on.
View 4 Replies
View Related
Sep 9, 2010
I recently upgraded my video card from a GeForce4 MX 440 AGP 8X to a GeForce FX 5500 AGP 8X. After that my 1360x768 monitor was stuck on a 1024x768 resolution. I ran system-config-display and under Hardware tab I changed the monitor setting from "Generic LCD Screen" to "1360x768 LCD Screen" with the acknowledgment that /etc/X11/xorg.conf file was been modified. After reboot the boot process stuck on:tarting kojid: Kerberos authentication failed. "Resource temporary unavailable" (11) [FAILED]I tried that with both 2.6.34.6-54 and 2.6.34.6-47 kernels available on my system.I use the latest KDE version available for Fedora.
View 1 Replies
View Related
May 26, 2011
In the OpenSUSE documentation I red this very exciting chapter Chapter 6. Network Authentication with Kerberos That mentions "Using LDAP and Kerberos" which combined with NFSv4 would give my office net functionality of a M$ Win network.
We are still on 11.2 (we have no win clients at all) and I was testing different setups of 11.4 in VM, but I can't get YaST to configure the LDAP with Kerberos setup (our current setup does not use Kerberos only LDAP). Unfortunately I could not find any meaningful HOWTO on how to do it in SuSE. The page in docs involves editing config files, but I would like to avoid this, because from my former experience with Samba, as it would mean I cannot use yast anymore and that is sad.
Is there a way to configure LDAP + Kerberos (in terms of issuing of krb tickets at login) with YaST?
PS: I basically need Kerberos for NFS and Intranet site.
View 5 Replies
View Related
Jul 12, 2010
I have an Ubuntu server that's part of a Windows domain and requires Kerberos authentication when connecting to its Samba shares.I have an Ubuntu desktop machine that is capable of obtaining Kerberos tickets via kinit and can successfully connect to the Samba share on my Ubuntu server using Kerberos authentication via smbclient.
View 2 Replies
View Related
Jul 17, 2010
Is it possible to secure samba server with kerberos? I want to know whether we can use kerberos authentication to secure samba user name and password so that mo one can sniff that information. configuration or any URL link from I can get the exact configuration.
View 1 Replies
View Related
Oct 14, 2010
I have a samba server for company file shares but we do not use domain services or active directory service. Each workstation is its own standalone system. (And we want to keep it this way.) I would like to have some centralized authentication though, and it looks like Kerberos will provide that. After a lot of searching though, I can't find any instructions for setting up samba to authenticate users using kerberos without an ADS (active directory service) or domain. Is this possible?
View 1 Replies
View Related
Oct 20, 2010
I'm setting up kerberos and I can't login with kadmin but I am getting tickets with kinit, my princs are valid, and my dns resolves with dig/ping, am I missing something?:
kadmin:
Code:
home-plug:/home/steven# kadmin
Authenticating as principal root/admin@SOUR-LAN.LOCAL with password.
Password for root/admin@SOUR-LAN.LOCAL:
kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
auth.log
Code:
Oct 20 22:18:13 home-plug kadmind[8935]: Seeding random number generator
Oct 20 22:18:20 home-plug krb5kdc[8778]: Interrupted system call - while selecting for network input(1)
Oct 20 22:18:20 home-plug krb5kdc[8778]: shutting down
Oct 20 22:18:20 home-plug krb5kdc[8939]: setting up network .....
View 1 Replies
View Related
Jun 3, 2010
How to install kerberos on a local machine ?
View 10 Replies
View Related
Feb 15, 2010
I have configured 'passwordless' SSH between our machines using GSSAPI authentication which is all working beautifully (Active Directory KDC).I now want to make sure that the user's kerberos crednetials are forwarded as well using the 'GSSAPIDelegateCredentials yes' on the SSH client.However, it seems as though the openssh server on Red Hat 4.8 has not been compiled to support this, because if I run sshd in debug mode, I see the client 'delegating credentials' but nothing appears in the debug log on the server to suggest the the credentials have been received, and sure enough a quick 'klist' shows that the user does not have any tickets.So two questions:1. Am I right about openssh-server on Red Hat Enterprise 4.8 not supporting delegated credentials
View 4 Replies
View Related
Sep 4, 2010
do you know any free (or commercial) software for analysing the MIT Kerberos logs, mainly authentication - who has logged in and when, who has logged out and when. It would be good to have some statistical data about logins (average number of logins per day and similar).
View 1 Replies
View Related
