Got it to work! Had to disable tgt_verify option in the methods.cfg file to let sudo, su, telnet and ftp work!!!
Ubaid Rahman Senior AIX Administrator SCS C&ES Infrastructure Admin 1 # 146E Ph # *.703.2817 (internal) or 919.483.2817 (external) # 919.314.7177 (cell) -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Tuesday, May 03, 2011 12:05 PM To: [email protected] Subject: Kerberos Digest, Vol 101, Issue 3 Send Kerberos mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://mailman.mit.edu/mailman/listinfo/kerberos or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of Kerberos digest..." Today's Topics: 1. cross realm trust (aydin) 2. sudo with kerberos (Ubaid Rahman) ---------------------------------------------------------------------- Message: 1 Date: Mon, 02 May 2011 16:38:31 +0300 From: aydin <[email protected]> Subject: cross realm trust To: "[email protected]" <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-9; format=flowed Hi all, I am trying to setup a cross realm authentication between microsoft and mit kerberos running on rhel. Mit kerberos realm is going to trust to ms realm. Both kdc'a are running fine in their own realms. We have set up principals on both kdc's. krbtgt/[email protected] A windows client tries to open an ssh connection to a linux system. Windows client asks krbtgt/[email protected] ticket to its own kdc and gets the ticket. This is the point that i get confused and need your help. Ms client than requests host/sshserver.mit.realm. As far as I know first both kdc's has to share krbtgt ticket to establish a trust relation first. Does anyone knows how this should work. Regards, Aydin ------------------------------ Message: 2 Date: Mon, 2 May 2011 14:27:23 -0500 From: Ubaid Rahman <[email protected]> Subject: sudo with kerberos To: "[email protected]" <[email protected]> Message-ID: <1dfe27698bba1b49b6a8c6b7f7e37253c48dc7b...@019d-namsg-01.019d.mgd.msft.net> Content-Type: text/plain; charset="us-ascii" Hi I am trying to configure sudo to use Kerberos authentication in an AIX(6.1) environment, so far hadn't had any luck. Can anyone with a similar environment help? Ubaid Rahman Senior AIX Administrator SCS C&ES Infrastructure Admin 1 # 146E Ph # *.703.2817 (internal) or 919.483.2817 (external) # 919.314.7177 (cell) ------------------------------ _______________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos End of Kerberos Digest, Vol 101, Issue 3 **************************************** ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
