Skip to content

"SLC5X: system environment/daemons: cern-kerberos-migration

cern-kerberos-migration - This RPM will configure a Linux based computer to be compatible with both the Heimdal and Active Directory realms.

License: distributable
Vendor: CERN
Description:
This rpm will enable the machine to accept Kerberos authentication requests from both the CERN Active Directory and Heimdal realms, and to authenticate against both realms. The default /etc/krb5.conf remains the same, ensuring that the machine and any user will be in the Heimdal realm by default. Changing the KRB5_CONFIG variable to /etc/krb5.conf.windows in a shell will switch it to authenticate against the AD realm.

This is a temporary setup, which will remain in place for the duration of the migration, allowing machines and users of machines to be recognised in both realms.

Packages

cern-kerberos-migration-0.1-22.slc5.src [13 KiB] Changelog by Jan van Eldik (2012-02-29):
- oops
cern-kerberos-migration-0.1-21.slc5.src [13 KiB] Changelog by Jan van Eldik (2012-02-29):
- make sure to only operate on /etc/pam.d/system-auth{,-ac} files (ie. not on symlinks)
cern-kerberos-migration-0.1-15.src [12 KiB] Changelog by John hefferman (2011-10-18):
Added option to suppress message, changed message content
cern-kerberos-migration-0.1-14.src [12 KiB] Changelog by John hefferman (2011-07-05):
Added warning message for remaining Heimdal users
cern-kerberos-migration-0.1-13.src [11 KiB] Changelog by John Hefferman (2011-01-31):
krb5.conf.windows valid encryption types changed
cern-kerberos-migration-0.1-12.src [11 KiB] Changelog by John Hefferman (2010-12-12):
krb5.conf files modified for slc6 compatability (allow_weak_crypto and dns kdc lookup)
cern-kerberos-migration-0.1-11.src [11 KiB] Changelog by John Hefferman (2010-12-12):
krb5.conf files modified for slc6 compatability (allow_weak_crypto and dns kdc lookup)
cern-kerberos-migration-0.1-10.src [11 KiB] Changelog by John Hefferman (2010-10-26):
John Hefferman - Changed script to do a key refresh in the case of incorrect file permissions
cern-kerberos-migration-0.1-6.src [10 KiB] Changelog by John Hefferman (2010-08-04):
John Hefferman - Acquires afs token if not previously acquired by pam_krb5 due to TGT / krb5.conf mismatch. Required because 'krb5_init_secure_context' in pam_krb5 ignores the environment configured by this module.
John Hefferman - No longer print cern-config-keytab verbose messages
John Hefferman - Runs cern-config-keytab on removal to ensure machine is left with valid credentials
John Hefferman - Logging now directed to /var/log/secure
cern-kerberos-migration-0.1-5.src [8 KiB] Changelog by John Hefferman (2010-07-06):
John Hefferman - Changed to prevent pam_sm_close_session errors being written to /var/log/secure. 
John Hefferman - Changed pam_ensure_correct_realm to only change the default KRB5_CONFIG if absolutely necessary.
cern-kerberos-migration-0.1-3.src [8 KiB] Changelog by John Hefferman (2010-01-31):
Jan Iven - Changed the pam module to dynamically link the kerberos libs
Jan Iven - Changed the post section to remove any previous references to the pam module in system-auth

Listing created by repoview