I desperately need help to replicate the functionality that I had with Solaris 8 and SEAM into Solaris 10.
Our application needs a few users which are created with the application install. One of our customers requires Kerberos as single sign-on because of their IT department policies. In the past, we had installed SEAM on Solaris 8, created principals for local application users on the KDC and locked their local accounts. This way, these application users were prompted for a password only once (the Kerberos password).
Now we are required to move to Solaris 10 and I am trying to do the same thing with Solaris 10 Kerberos. The problem is, as soon as I lock these local accounts, application users cannot log in with their Kerberos passwords either. If I do not lock the passwords, users can still access the system if they enter the incorrect Kerberos password but the correct local password, which is undesirable. How can I accomplish the same effect as the Solaris 8 and SEAM combo?
Following is the content of my pam.conf file in Solaris 8, which works with local account locking.
I have tried different configurations of pam.conf in Solaris 10, but nothing seems to work.
Thank you in advance for any help y'all can provide.
Hi,
I have a Solaris 10 device which has quite a dated version of Kerberos 5 installed. I'd like to upgrade the version of Kerberos to a more recent version, but was unsure whether updates to Kerberos are provided by applying a Solaris patch - or whether I would need to go to the MIT website... (0 Replies)
There is an account, ohsuser, on a Solaris 10 zone. It is getting locked every 2-3 minutes. Can I know what process or script is using this account and locking it?
root@tswsd23-prdt01:/root# cat /var/adm/messages | tail -10
Sep 24 11:05:53 tswsd23-prdt01 nmo: Excessive (3) login... (5 Replies)
Hey guys, just wondering how I could lock a specific account by prepending LK
to the password field in the /etc/shadow file.
It cannot be done through a command since the script gets called by a menu-driven interface, so I can't use "passwd". Is there a way where I can search for a specific account... (11 Replies)
Hello - I am trying to connect to a remote Solaris box from a Solaris box I have locally present with me using 'ssh login@IP' ... It's connecting fine, but... when I run xclock, it says 'Can't open display'
Whereas, if I connect to the same remote Solaris IP from my Windows desktop locally via PuTTY... (9 Replies)
Hi,
I have set up a Linux box connected to Windows Active Directory using winbind. Everything is up and running fine. Now I wish to auto-create a local account whenever a new user logs in. I have tried every possible way using the smb.conf to no avail.
Any help would be appreciated. (1 Reply)
I need some help trying to figure out why our ftp account keeps getting locked with no manual intervention. We have end-of-day processes that run nightly, and the last thing it does is ftp files to a server. Every once in a while the script fails because the account has been locked. How could this... (5 Replies)
Does anyone know, in Solaris 10, can you lock an account if the user does not change their password within a certain amount of time?
What I want to do is, if a user doesn't change their password within 90 days, I want the account locked.
This is similar to the Red Hat Linux passwd -i command.
... (3 Replies)
Hi,
I have been trying to have a Solaris 8 client authenticate to a SUSE Linux KDC (Heimdal) via SEAM. Everything works fine, I can log in with a principal using kinit or via PAM and get a TGT. However, I can't use kadmin or kpasswd from the Solaris client. The error received is Client/Server real... (0 Replies)
Hello,
I started to install Solaris 10 on my x86 box and am not sure if I need to set up Kerberos and/or DNS if my box is a standalone workstation connected to the internet using a cable modem and router.
Specifically, I know Kerberos is good for security, but I'm not sure what to enter in... (2 Replies)