Ubuntu Security :: Gnome-keyring-daemon And Kerberos

Jul 12, 2010

I have Ubuntu 10.04 configured to log in with Kerberos (as in [url]). Everything works fine, except gnome-keyring-daemon:

- If I log in with a local user, gnome-keyring-daemon works right. Besides, the keyring is automatically unlocked with the login password.

- If I log in with a Kerberos user:

- The session startup is considerably slower.

- /var/log/auth.log says something like:

Code:

- If I execute a program that needs the gnome-keyring (like Evolution), it is desperately slow, and it says:

Code:

Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

- If I kill all gnome-keyring-daemon processes (killall gnome-keyring-daemon), start a new one (gnome-keyring-daemon), and restart the application that uses the gnome-keyring, it works fine, but it asks me for the password to unlock the keyring (I think that this is the normal behaviour if gnome-keyring-daemon did not start before).

I have seen the configurations in /etc/pam.d and everything looks fine (with pam_gnome_keyring.so). Indeed, I think that if something was wrong here, the local user would not have the keyring unlocked automatically.


Ubuntu :: Gnome-keyring-daemon Weirdness ?

Apr 21, 2010

I'm running an up-to-date installation of Lucid, and have come upon a little problem. It seems that applications are having trouble communicating with gnome-keyring-daemon.

When I connect to wireless networks -- even ones that are in the network manager -- it always asks me for a password.

Gwibber is crashing because it can't connect to the gnome keyring daemon.

And when I open the Passwords and Encryption Keys utility (on the Accessories menu), I get the error: "Couldn't communicate with key ring daemon."

I have verified that the daemon is starting up when I log in, that all of the appropriate keyring-related login items (certificate and key storage, secret service, & SSH key agent) are in place, and that the keyring works in other accounts on my machine. I have tried deleting my extant keyrings, but that has not produced any success. And when I kill and restart the keyring daemon once I'm already logged in, the problem seems to abate.

I don't know if it matters, but for OS X compatibility purposes, I'm running as a UID under 1000.


Ubuntu Installation :: Gnome-keyring-daemon Not Working With 10.04

May 2, 2010

Since I've upgraded to Ubuntu 10.04 my gnome-keyring-daemon isn't working on login. It is running - ps ax shows:

4927 ? SLl 0:00 /usr/bin/gnome-keyring-daemon --daemonize

but it doesn't seem to be accessible. Seahorse says: "Couldn't communicate with key ring daemon", and I never get asked to unlock my keyring on login (thus saved wireless keys are not available, for example). If I kill the gnome-keyring-daemon process and run it again from the command line, everything works. There are no messages in /var/log/messages from the keyring daemon, so I don't know what it is doing wrong.


Ubuntu :: How To Permanently Disable Gnome-keyring-daemon

Dec 29, 2010

How to permanently disable the gnome-keyring-daemon.

I've seen posts where there was a workaround to store passwords in clear text. That's not a real solution. I've seen posts where killing the process and removing ~/.gnome2/keyrings is a temporary solution until the next time you log in or reboot the machine. Removing the package will force removal of the whole kitchen sink. That's too intrusive.

There must be a way to stop this thing from starting up, ever.

I tried commenting out the entries in the /etc/pam.d/* files that refer to "pam_gnome_keyring.so", and have also unchecked the 3 keyring related entries under System --> Preferences --> Startup Applications, which are affiliated with these 3 files:

But I still get this one process once I log into the console window:

There must be one more file somewhere that says, "hey when someone logs in and starts up gdm, start the gnome keyring daemon".


Ubuntu Security :: Firefox Asking For Gnome-keyring ?

Jul 11, 2010

For a while now, Firefox has been prompting gnome-keyring (twice).

There is one applet I know of on my system that wants me to enter my keyring password twice, "CPU Frequency Scaling Monitor" (I have a Core 2 Duo CPU, a monitor for each CPU), but I have no clue why Firefox would be invoking a change in how Ubuntu controls that app.

Is there any way of finding out which application (or perhaps an add-on?) is actually asking for my keyring password? (The input window just says "an application...", not like e.g. "synaptic package manager...".)


Security :: Users Subverting Security On Purpose / Kerberos Only Answer?

May 12, 2010

I have an environment with multiple projects that have a variety of government and commercial sponsors. We have been satisfied to this point with a netapp serving nfs/cifs and keeping a tight rein on nfs exports. Some of these projects have started asking us to provide access-restricted sub-folders of the project space based on different groups that contain a user subset of the primary group.

We have a linux machine that serves as a version control front end to the netapp, mounting the project spaces via nfs. People are now mounting their project space via sshfs to this "front end" and sharing the root password of this sshfs client with everyone in their project, in turn creating a security hole to access the so-called restricted sub-folders. I know all the obligatory responses referring to irresponsible user behavior but would like to see how others have addressed something like this where user behavior seems out of control.


Security :: Kerberos Versus LDAP SSL

Apr 21, 2011

I am integrating my Unix box to the Windows AD using PAM_LDAP with Kerberos enabled. I was wondering, since Kerberos is enabled, is there any point in enabling SSL in my LDAP.conf? My understanding is that since Kerberos is enabled, and therefore the username/password is sent securely, there isn't any benefit in enabling SSL in the LDAP.conf? It's one or the other.


Ubuntu Security :: [SSH] Gssapi-with-mic Password-less Kerberos Login?

May 13, 2011

I'm trying to login to a server using gssapi-with-mic authentication against one of my school's machines that supports this mode of authentication. I have these kerberos packages installed:

batrick@menzoberranzan:~$ dpkg -l | grep krb
ii krb5-config 2.2 Configuration files for Kerberos Version 5

[code]....


Security :: Secure Samba Server With Kerberos?

Jul 17, 2010

Is it possible to secure a Samba server with Kerberos? I want to know whether we can use Kerberos authentication to secure the Samba user name and password so that no one can sniff that information. Configuration or any URL link from which I can get the exact configuration.


Security :: Permitting Users To Ssh With Out Typing Their Passwords Via Kerberos?

May 24, 2010

Is there a way to use Kerberos (or barring that a trusted CA) to allow users to ssh across machines in an environment instead of having to manage the hash keys per user/server? I'm using Kerberos+LDAP to log folks in and get their settings but I'd like to take it a step further. I've been reading a lot but still can't quite get it all to come together.

Do I need to create a SPN for each host to do this? Sorry if I am asking a dumb question, I am returning to the *nix fold after a decade+ in the Microsoft world, be gentle with me.


Security :: SuSe Authentication Failed After Installation Of Kerberos

Jun 3, 2010

I have installed Kerberos on my SUSE machine, but after installation I am now not able to log in to it, even with the root password. I searched over the internet but could not find the solution. What should I do now, and how do I configure Kerberos on a local machine with only local users authentication? I mean client and server both are on the same machine.


Ubuntu Security :: SSH To Server Using GSSAPI/Kerberos Prompts For Password When Using DNS Alias?

Jan 15, 2010

I have a Kerberos/LDAP/OpenAFS server running on Debian lenny, set up according to Davor Ocelic's excellent guide here (url). SSHd has been configured to use GSSAPI auth and the clients have been configured to pass auth tokens through to the server.

My clients are all Ubuntu 9.10 x86 fully patched. On the clients, OpenAFS has been compiled and installed as a kernel module and git 1.6.6 has been compiled from source and installed. Otherwise, all software is stock Ubuntu repository-ware.

The setup is working fine as long as I connect to the primary server using its hostname:

peter@client01:~$ ssh nana
<connection goes through seamlessly without prompting>
peter@nana:~$

If I try to connect via a DNS alias (actually a second CNAME record), I get:

peter@client01:~$ ssh git1
peter@git1's password:
<connection completes>
peter@nana:~$

I need both passwordless auth and the DNS alias working, as it's internal policy that user connections are only ever made to service names, not real hostnames.

I have tried adding a second host principal to Kerberos for the alias (git1.darling.local) in addition to the host principal for the hostname (nana.darling.local).

If I turn off PasswordAuthentication in sshd_config, then "ssh git1" doesn't even fall through to passwords; it just denies logins. So it looks like it's not even using GSSAPI for the DNS alias.

So:

1) Is what I want even possible? I can't find anything that indicates that there's anything odd about DNS aliases such that this should happen.

2) Which config files should I post to help debug this? There's a lot and I didn't want to start blarfing them here if they aren't helpful.


Fedora Security :: Can't Forward My Kerberos Credentials To A Computing Resource

Aug 23, 2011

I can't forward my kerberos credentials to a computing resource before connecting to the resource for which I have kerberos credentials. In other words, from my machine at work I obtain my ticket with kinit -f to a computing facility off in some lab somewhere.

Then, I want to ssh to another machine in another department (I don't have control over the krb5.conf file or this would have been easy) where I work. It is on this machine that I want to be able to ssh, scp, etc. to this far-off lab. I've tried several options around this barrier, but I'm a total failure thus far. I checked that GSSAPIAuthentication is set to yes.

[Code]...


Ubuntu Security :: Hardened Baseline - Hook The Logins Into Either Enterprise Kerberos Or Active Directory (yuck)

Dec 14, 2010

I'm tasked with creating a base image of Ubuntu (one for server, one for workstation) that is locked down and has all the fluff taken out (naturally workstation will have more fluff left in it than server). Task list looks about like this:

1. Create list of deb packages "allowed", write script to list/uninstall everything else.

2. Hook the logins into either enterprise kerberos or Active Directory (yuck).

3. Write scripts to check things like setuid/setgid, disabling su, checking sudo permissions, configure iptables, etc.

4. Use a scanner to scan the system from outside the system (was thinking of using backtrace).

5. Custom-compile the kernel to strip out all the unneeded modules.

Before embarking on this awesome task I figured I'd check with you guys to see if you know of some resources that would make this task easier/quicker. I'm sure someone out there has already headed down this branch.

PS My boss *loves* Ubuntu and isn't too keen on going with a deb (or other) distro that is already "security trimmed" without some serious convincing. I'm sure there are some out there, and if you want to pass along a couple for consideration, I'll check them out, but no guarantees he'll let me use it.


Fedora Installation :: LDAP - NIS - Kerberos - Add Mint Machines To Server To Use New Security Settings

Dec 10, 2009

I wish to set up a network that works like Windows, but with Linux of course! It will need to be able to handle security/DNS/DHCP & document store from one location. I've been doing some reading and have found that I think I need to be using one of the following:

LDAP
NIS
Kerberos

I have looked at a few Linux based OS's. I did notice that when you install fedora live desktop it gives you the option to connect to one of the above. So I am looking for a complete solution.

1. How to setup fedora to act as server for my needs (or other Linux build)

2. Add fedora/linux mint machines to server to use new security settings. (or other linux build)


Security :: Setup A Kerberos + OpenLDAP Server To Manage Users For Our Samba Shares

Feb 13, 2011

Trying to setup a Kerberos + OpenLDAP server to manage users for our Samba shares (was going to use just OpenLDAP, but apparently it is less secure than using Kerberos with it). (Distro: CentOS 5.5) Haven't even gotten to the point of connecting either to Samba yet. I have set up a Kerberos server, and configured it as necessary. I am happy that it is working as intended, as I can login and manage principals from both the local terminal and remotely on other clients.

I have setup a server (sv1.myhost.net), and configured it to talk to Kerberos (auth.myhost.net). I have created both a [URL] principal, and a testuser principal. I have set the password on the testuser but not on the host/sv1.myhost.net. I have added the keys for both users to the keytab file on the sv1.myhost.net. I am at a Windows 7 machine (on the same internal network), and have installed the Network Identity Manager. It is able to request a ticket successfully for the testuser account.

When I use putty w/GSSAPI (0.58) to remote login to the system, it says using 'testuser' and then just hangs there. Eventually putty connection times out. The fact that both machines can connect to the auth server to communicate with kerberos correctly suggests firewalls are correct. The relevant entries in sshd_config have been uncommented to tell srv1 to use Kerberos authentication.


Security :: Kerberos And LDAP - Users Will Be Able To Login In To A Server On The Edge Of The LAN And Establish A SSH Connection

Feb 19, 2010

I am trying to deploy Kerberos and LDAP so users will be able to log in to a server on the edge of the LAN, and afterwards be able to establish an SSH connection to all the computers in that LAN without the need to type any passwords, and without the need for me to manage SSH keys [besides the SSH keys on the login server] and local user accounts.

1. When I create the users in OpenLDAP I use a template that I created by reading documentation from the Internet. In the template, one piece of information that is needed is the UID. Is there any clever way to keep track of the numbers so I do not assign the same UID to two users, besides using a pen and paper?

2. For the users to be able to establish SSH connections between the computers, the host is going to be added to the keytab like this: ktadd host/client.example.com. Is it possible to replace client with something generic so I do not need to manage these keytab files between the hosts?

3. Users will be logging on to the server on the edge of the LAN by using SSH keys. How can I configure the setup so the users will receive a ticket automatically when they log on, without executing kinit and without entering a password, just by having a valid SSH key?

4. krb5kdc is running on all the network interfaces in the server. I want it to only run on eth1; how can this be done?


Ubuntu :: Difference Between PAM And GNOME-KEYRING ?

Aug 24, 2010

I want to know the difference between PAM and GNOME-KEYRING.

I have googled both of them and I found that they both are for authenticating users. And then some tutorials say that I can use gnome-keyring with PAM support!

So what is the difference and if there is no difference how then can I use gnome-keyring with PAM?


Ubuntu :: Ssh Key With Gnome-keyring In Lubuntu ?

Oct 20, 2010

I'm trying Lubuntu for my low-resource netbook and I'm lovin' it.

But I can't get my ssh key passphrase work with the keyring manager.

I even created a new user account with a fresh home directory and it doesn't work. You run "ssh myname@mydomain.net" and it prompts you for the key passphrase in the terminal.

Expected behavior: with Gnome, you run "ssh myname@mydomain.net" and the password manager opens a GUI to ask for the passphrase. Once unlocked, it remains unlocked until you log off. Moreover, at that moment of unlocking you can tell it to remember the passphrase forever so it gets automatically unlocked next time you login.

The keyring works fine for the wireless password, and for luks-encrypted volumes, but not for Secure Shell keys.

I'm using Ubuntu Lucid, installed lubuntu-desktop package, using gdm session manager, all updated.


Ubuntu Security :: How To Keep Keyring Safe

Nov 12, 2010

It seems to me that the passwords kept in GNU Keyring Seahorse are not kept very safe, because if I'm logged in and someone accesses my computer they can see the passwords that are saved there. I have set a keyring password, but it seems that it is not locked all the time. What are some general guidelines to follow to make sure that my passwords and the encryption keys that I use are kept safe?


Ubuntu Security :: Keyring Keeps Asking For The Password?

Dec 21, 2010

Every time I log in, I get the "password for keyring default" question two or three times, unless I enter it immediately as it pops up, sometimes even that doesn't prevent it from respawning. What could be causing this? I'm using Maverick.

P.S. Hmm, I don't think I'll be watching the lunar eclipse much now, the sky is covered with smoke, maybe it's lunar apocalypse.


Ubuntu :: Automatically Unlock Gnome Keyring ?

Dec 31, 2010

I've done the process with no problem on Ubuntu, but I can't get it working with Lubuntu.

I installed the pam package. I then added the @include common-pamkeyring line to my /etc/pam.d/lxdm file.

Here's my complete /etc/pam.d/lxdm file:

Code:

Am I doing something wrong? Does something have to be done differently in LXDE?


Ubuntu :: Accessing Gnome-keyring From Cron ?

Jan 19, 2011

A few days ago, I decided to set up my emailing applications (I use mutt, with offlineimap, imapfilter, and msmtp) to use gnome-keyring rather than have my email passwords stored in plain text inside these applications' respective configuration files [1].

I am successfully able to run them from the command line myself, but looking up the passwords from gnome-keyring fails when running from cron.

I came across a person calling svn with a cron job and authenticating via gnome-keyring [2]. I've tried to adapt his solution, but I don't think I'm doing it right. I've made a comment on the blog author's post, but am still waiting to hear back.

Does anyone know how I'm supposed to incorporate the bash function from that author's post to give cron the correct environmental variables?

[1]:[url]
[2]:[url]


Ubuntu Security :: Unlock The 'default Keyring'?

Jan 13, 2010

I think this counts as a security question. I didn't know where else to place this. It's really preventing me from doing some things, such as setting up the Empathy IM program for chatting and whatnot, and this default keyring is really halting any progress I can make on that front. It also pops up when I'm just booting up the laptop. My brother set the password and then forgot, so he tried all of these passwords and it would never work. It always pops back up several moments later and reiterates its question. It goes away when I click on 'Deny', but now I can't follow that same route when trying to set the Empathy IM client up. I would like to either do away with this password requirement, or just change it to something I can easily remember.


Ubuntu Security :: Keyring Will Not Accept My Password

Jun 15, 2010

I just reinstalled Ubuntu Lucid after accidentally damaging it, and I used all the same passwords and user names as before. I can log in fine, and I can do sudo commands, but the gnome keyring won't accept my password. I tried changing my password using Applications > Accessories > Passwords and Encryption Keys, but that didn't work. How can I fix this so that the keyring will accept my password? I need it to save my wireless router password.


Ubuntu :: 10.10 Gnome-keyring-d - Which Require To Reboot The PC To Clear ?

Dec 29, 2010

My computer keeps spawning new and massive numbers of "gnome-keyring-d" which require me to reboot the PC to clear.

What is happening? Why? And how do I stop it?

Code:


Fedora :: Recover GNOME Keyring

Sep 5, 2009

For several weeks now I have been experiencing a problem with GNOME keyrings in Fedora 10 x86. Here is the thing: somehow, all of a sudden, GNOME started requesting the "Default Keyring" in order to connect to protected wireless networks it already knows. I don't remember having set one, maybe I did, and just in case I tried all my passwords to no avail.

On the other hand, XFCE, the desktop environment I use the most in that machine, has lost its ability to 'remember' passwords, which is a little painful in the long run.

I wouldn't want to just delete the keyrings because there are many stored already, and I want them back. Needless to say I have root access to the machine. Is it possible somehow as root (or as user) to fix that problem and restore both access to the stored passwords and the ability for Network Manager to remember them?

Just to be on the safe side I created another user and that one 'remembers' the stored passwords and is not prompted for the "Default Keyring".


Ubuntu Security :: Ecryptfs: Keyring Not Cleared On Logout?

Jan 17, 2010

On a fresh karmic install, I have a user account with ecryptfs enabled home directory. I want that directory to be secured when I log out.

I have two administrator accounts, user1 and user2. I log in as user1 (with ssh, will test regular logins tomorrow), /home/user1/.Private gets mounted to /home/user1, everything is fine. I log out.

I log in as user2, and /home/user1/.Private is indeed unmounted. But I can do

Code:
sudo su - user1
which will ask me for the password of user2, and then I am logged in as user1, /home/user1/.Private is again mounted, without ever typing the password of user1.
On the other hand if I invoke
Code:
ecryptfs-umount-private

[Code]....


Ubuntu Security :: Identify Which Application Wants Keyring Access?

May 2, 2010

Is there a way to identify exactly what application is asking for keyring access at the given time? I get this query every boot and it's getting annoying. The annoyance is there, but more importantly and from a personal security standpoint on desktop systems, it's pretty bad that it doesn't say what application wants the access.


Ubuntu Security :: Access To Keyring - Locked Password

Sep 3, 2010

I would like to use a wireless network, I type in the correct password but suddenly a new window pops up saying: 'an application wants to access to the keyring 'Vorgabe', but its is locked password:'

But I don't know what password it's talking about
I went to Password and Encryption keys, there are two folders
'password: vorgabe'
'Password: login'


Copyrights 2005-15 www.BigResource.com, All rights reserved