Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Administration: Security Services Oracle Solaris 11 Information Library |
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
6. Using the Basic Audit Reporting Tool (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Security Attributes in Oracle Solaris (Reference)
Part IV Cryptographic Services
11. Cryptographic Framework (Overview)
12. Cryptographic Framework (Tasks)
Part V Authentication Services and Secure Communication
14. Network Services Authentication (Tasks)
17. Using Secure Shell (Tasks)
19. Introduction to the Kerberos Service
20. Planning for the Kerberos Service
21. Configuring the Kerberos Service (Tasks)
22. Kerberos Error Messages and Troubleshooting
Common Kerberos Error Messages (A-M)
Common Kerberos Error Messages (N-Z)
How to Identify Problems With Key Version Numbers
Problems With the Format of the krb5.conf File
Problems Propagating the Kerberos Database
Problems Mounting a Kerberized NFS File System
Problems Authenticating as the root User
Observing Mapping From GSS Credentials to UNIX Credentials
23. Administering Kerberos Principals and Policies (Tasks)
24. Using Kerberos Applications (Tasks)
25. The Kerberos Service (Reference)
In this example, you would like to know if pre-authentication is required by a KDC, and if so what pre-authentication types are supported. First, as a privileged user, create a D program source file, like the following:
# cat kerberos_preauth.d kerberos$target:::krb_error-read { self->preauth = args[1]->kerror_error_code == "KDC_ERR_PREAUTH_REQUIRED(25)" ? "required" : "not required"; printf(" - Preauthentication is %s for this KDC.\n", self->preauth); } kerberos$target:::krb_error-read / self->preauth == "required" / { printf(" - This KDC supports the following preauth types: %s.", args[1]->kerror_e_data); }
Next, compile the preauth.d source file to get your answer.
# dtrace -qs kerberos_preauth.d -c "kinit -k" - Preauthentication is required for this KDC. - This KDC supports the following preauth types: ENC_TIMESTAMP(2) FX_FAST(136) PK_ETYPE_INFO2(19) SAM_RESPONSE(13) FX_COOKIE(133).
For more information about the various pre-authentication types see RFC 4120.