Displaying 9 results from an estimated 9 matches for "krb5cc_12345_afcdeb".
2015 Nov 04
3
Pam_mount not working with "sec=krb5"
...This was formerly acquired
interactively via username/password, and that way you have something
like a single sign-on.
This is what works so far:
1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux
member server -> the kerberos cache file is created in /tmp
("krb5cc_12345_afcdeb")
2. while the user is logged in (and the cache exists), use this command
to mount his home share (as root):
# mount.cifs //server/home/userxyz /home/userxyz -o
sec=krb5,cruid=12345,uid=12345,gid=someGroupID
So, users' krb5 cache files are actually used by the cifs mount upcall.
I made...
2015 Nov 04
3
Pam_mount not working with "sec=krb5"
...ssword, and that way you have something like a single
>> sign-on.
>>
>> This is what works so far:
>>
>> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux
>> member server -> the kerberos cache file is created in /tmp
>> ("krb5cc_12345_afcdeb")
>> 2. while the user is logged in (and the cache exists), use this command to
>> mount his home share (as root):
>> # mount.cifs //server/home/userxyz /home/userxyz -o
>> sec=krb5,cruid=12345,uid=12345,gid=someGroupID
>>
>> So, users' krb5 cache files...
2015 Nov 04
2
Pam_mount not working with "sec=krb5"
...t;>>> sign-on.
>>>>
>>>> This is what works so far:
>>>>
>>>> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux
>>>> member server -> the kerberos cache file is created in /tmp
>>>> ("krb5cc_12345_afcdeb")
>>>> 2. while the user is logged in (and the cache exists), use this command
>>>> to
>>>> mount his home share (as root):
>>>> # mount.cifs //server/home/userxyz /home/userxyz -o
>>>> sec=krb5,cruid=12345,uid=12345,gid=someGroupID
&...
2015 Nov 04
0
Pam_mount not working with "sec=krb5"
...ctively
> via username/password, and that way you have something like a single
> sign-on.
>
> This is what works so far:
>
> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux
> member server -> the kerberos cache file is created in /tmp
> ("krb5cc_12345_afcdeb")
> 2. while the user is logged in (and the cache exists), use this command to
> mount his home share (as root):
> # mount.cifs //server/home/userxyz /home/userxyz -o
> sec=krb5,cruid=12345,uid=12345,gid=someGroupID
>
> So, users' krb5 cache files are actually used by the...
2015 Nov 04
0
Pam_mount not working with "sec=krb5"
...e something like a single
>>> sign-on.
>>>
>>> This is what works so far:
>>>
>>> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux
>>> member server -> the kerberos cache file is created in /tmp
>>> ("krb5cc_12345_afcdeb")
>>> 2. while the user is logged in (and the cache exists), use this command
>>> to
>>> mount his home share (as root):
>>> # mount.cifs //server/home/userxyz /home/userxyz -o
>>> sec=krb5,cruid=12345,uid=12345,gid=someGroupID
>>>
>>...
2015 Nov 04
0
Pam_mount not working with "sec=krb5"
...t;>>> sign-on.
>>>>
>>>> This is what works so far:
>>>>
>>>> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux
>>>> member server -> the kerberos cache file is created in /tmp
>>>> ("krb5cc_12345_afcdeb")
>>>> 2. while the user is logged in (and the cache exists), use this command
>>>> to
>>>> mount his home share (as root):
>>>> # mount.cifs //server/home/userxyz /home/userxyz -o
>>>> sec=krb5,cruid=12345,uid=12345,gid=someGroupID
&...
2015 Nov 03
4
Pam_mount not working with "sec=krb5"
>> I mean, putting the key in the keytab looks like a security risk to me.
> In what way does it appear any more of a risk than having the keys
> which you have there already? Even if someone steals the keytab,
> they're gonna be hard pressed to crack the key in the few hours before
> the tgt expires. Do you have very sensitive data maybe?
Ok. And maybe I misunderstood
2015 Nov 04
4
Pam_mount not working with "sec=krb5"
...gt;>>>
> >>>> This is what works so far:
> >>>>
> >>>> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux
> >>>> member server -> the kerberos cache file is created in /tmp
> >>>> ("krb5cc_12345_afcdeb")
> >>>> 2. while the user is logged in (and the cache exists), use this
> command
> >>>> to
> >>>> mount his home share (as root):
> >>>> # mount.cifs //server/home/userxyz /home/userxyz -o
> >>>> sec=krb5,cruid=123...
2015 Nov 04
2
Pam_mount not working with "sec=krb5"
...>>>>>
>>>>> This is what works so far:
>>>>>
>>>>> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux
>>>>> member server -> the kerberos cache file is created in /tmp
>>>>> ("krb5cc_12345_afcdeb")
>>>>> 2. while the user is logged in (and the cache exists), use this command
>>>>> to
>>>>> mount his home share (as root):
>>>>> # mount.cifs //server/home/userxyz /home/userxyz -o
>>>>> sec=krb5,cruid=12345,uid=123...