Check the /etc/pam.conf entries on the Solaris 8 system, they should have the following 'ktelnet' entries (or something similar depending on your local authentication policy).
ktelnet auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 acceptor ktelnet auth required /usr/lib/security/$ISA/pam_unix.so.1
-Wyllys
Peter Himmelfarb (Excell Data Corporation) wrote:
Synopsis of issue I'm experiencing:
a user is prompted for their password when using a kerberized linux telnet client
to access a kerberized telnet server on a solaris 8 host.
Test environment:
Windows 2003 KDC
(2) Linux hosts running kerberized telnetd
(1) solaris 8 host [SEAM 1.0.1 including patches 109223-02, 109805, 110060]
running kerberized telnetd and kerberized ftpd
History of successful kerberos interoperability:
- user can telnet from linux host to linux host without having to enter password
- user can ftp from linux host to solaris without having to enter password
- user can telnet from solaris host linux hosts without having to enter password
Issue:
- user can telnet from linux host to solaris telnet server but is
prompted for their
password. Here's output from `telnet -a -x msaum01` [IP's and names changed ]
./telnet -a -x msaum01
Trying 10.10.0.10...
Connected to abc.abc.com (10.10.0.10).
Escape character is '^]'.
Waiting for encryption to be negotiated...
[ Kerberos V5 accepts you as ''[EMAIL PROTECTED]'' ]
done.
Last login: Fri Jun 27 11:47:13 from 10.10.0.10
Password:
Excerpt from inetd.conf:
telnet stream tcp nowait root /usr/krb5/lib/telnetd telnetd -a user
------------------------------------------------------------------------
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
