Please login or register. August 18, 2019, 12:30:42 AM

Author Topic: AIX 6100-03 Kerberos Authentication  (Read 8111 times)

0 Members and 1 Guest are viewing this topic.

Maarten Visser

  • Full Member
  • ***
  • Posts: 24
  • Karma: +0/-0
AIX 6100-03 Kerberos Authentication
« on: November 17, 2009, 03:13:08 PM »
I just made a default new and complete install with AIX6100-03.
I installed the Kerberos Packages just as I do with AIX53 and made the config.krb5 settings
So far so good, I make a normal system account and then i do a:
chuser registry=KRB5Afiles SYSTEM=KRB5Afiles auth_domain=<domain> <user>

but then the sh*tload comes.
As root:
passwd <user> : you don't have permission to do this 
rmuser -p <user>  : user does not exist.

but "cat /etc/passwd" shows my user I just made. Authenticating isn't possible with the new user, not locally not through Kerberos.
The syslog shows me:  UNKNOW_USER tries to authenticate (sshd)

Any suggestions are welcome please...

Maarten Visser

  • Full Member
  • ***
  • Posts: 24
  • Karma: +0/-0
Re: AIX 6100-03 Kerberos Authentication
« Reply #1 on: November 18, 2009, 07:54:40 AM »
Hmm, i found out the when the chuser registry=.....  runs.
The stanza of the user is being removed from /etc/security/user  .
This is the reason why i can't remove the user anymore or change it's local password.
I hope this is a bug... i will make a PMR to IBM...

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1139
  • Karma: +0/-0
Re: AIX 6100-03 Kerberos Authentication
« Reply #2 on: November 18, 2009, 06:54:49 PM »
It certainly is different - I dont recall chuser removing them before - BUT - IBM might consider not removing a user when the registry changes to be a bug.

Have you tried setting the default stanza to look at Kerberos. Then AIX will look there for users.

Before you do that though - make sure you set root, and maybe other "local" accounts to the local files. i.e.

$ chuser registry=files SYSTEM=compat root

Michael