Network Security Focus-Sun

RE: Solaris 9 authentication and access control into Active Directory

Subject: RE: Solaris 9 authentication and access control into Active Directory
Date: Mon, 20 Sep 2004 08:14:24 -0700
The trick to changing passwords with the Kerberos on Solaris is to add this 
token to the krb5.conf in the [realms] section (inside of the definition for 
the realm):

        kpasswd_protocol = SET_CHANGE

For example:

        [realms]
                AD.EXAMPLE.COM = {
                        kdc = ...:88
                        admin_server = ...:464
                        [...]
                        kpasswd_protocol = SET_CHANGE
                }

After that, kpasswd works just fine.

Cheers,
 - Mike Myers, Mike.Myers <at> nwdc.net


-----Original Message-----
From: Reg Quinton [mailto:reggers@ist.uwaterloo.ca]
Sent: Wednesday, September 15, 2004 6:22 AM
To: focus-sun@securityfocus.com
Cc: "Ron Ogle"
Subject: Re: Solaris 9 authentication and access control into Active
Directory


From: "Ron Ogle" <ogler@tce.com>
1. Use Kerberos on Solaris 9 via PAM to authenticate to AD using the 
Windows username/password.

I've done that with vendor's implementation -- no code imported to system. 
There's a good Microsoft paper at

http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp

It's an awkward configuration and not much fun to set up. The trick is to 
implement a user within your Active Directory for the machine, set his 
password, then import that information to Unix. It works but I never got 
the password change figured out. I have some very rough notes here that I 
can share:

http://ist.uwaterloo.ca/security/howto/drafts/2002-08-23/
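
An added example, not part of the original thread: a small Python check that reads a krb5.conf and reports which realms in `[realms]` do not carry `kpasswd_protocol = SET_CHANGE` inside their own definition, which is where the reply above says it must go. The sample file, realm names and hostnames are constructed for illustration, and the parser assumes the opening brace sits on the same line as the realm name.

```python
# Constructed sample krb5.conf (hostnames and realms are placeholders).
# It shows two easy mistakes: the setting placed in [libdefaults] instead
# of the realm, and the setting left commented out inside a realm.
SAMPLE = """\
[libdefaults]
        default_realm = AD.EXAMPLE.COM
        kpasswd_protocol = SET_CHANGE

[realms]
        AD.EXAMPLE.COM = {
                kdc = dc1.ad.example.com:88
                admin_server = dc1.ad.example.com:464
                kpasswd_protocol = SET_CHANGE
        }
        CHILD.AD.EXAMPLE.COM = {
                kdc = dc2.ad.example.com:88
                # kpasswd_protocol = SET_CHANGE
        }
"""

def realm_kpasswd_protocols(text):
    """Return {realm: kpasswd_protocol value or None} for the [realms] section."""
    realms, section, realm, depth = {}, None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if depth == 0 and line.startswith("["):  # section header such as [realms]
            section = line.strip("[]").strip().lower()
            continue
        if section != "realms":
            continue
        if line.startswith("}"):                 # close a realm or nested block
            depth -= 1
            realm = realm if depth else None
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if value == "{":
            if depth == 0:                       # start of a realm definition
                realm = key
                realms[realm] = None
            depth += 1
        elif depth == 1 and key == "kpasswd_protocol":
            realms[realm] = value                # only counts directly inside the realm
    return realms

def realms_without_set_change(text):
    """Realms whose definition lacks kpasswd_protocol = SET_CHANGE."""
    found = realm_kpasswd_protocols(text)
    return sorted(r for r, v in found.items() if (v or "").upper() != "SET_CHANGE")

if __name__ == "__main__":
    print(realms_without_set_change(SAMPLE))
```

Only realms served by Active Directory need the setting, so a realm listed here is a prompt to check which kind of KDC backs it.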

