JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Administration: Security Services     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

3.  Controlling Access to Systems (Tasks)

4.  Virus Scanning Service (Tasks)

5.  Controlling Access to Devices (Tasks)

6.  Using the Basic Audit Reporting Tool (Tasks)

7.  Controlling Access to Files (Tasks)

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Security Attributes in Oracle Solaris (Reference)

Part IV Cryptographic Services

11.  Cryptographic Framework (Overview)

12.  Cryptographic Framework (Tasks)

13.  Key Management Framework

Part V Authentication Services and Secure Communication

14.  Network Services Authentication (Tasks)

15.  Using PAM

16.  Using SASL

17.  Using Secure Shell (Tasks)

18.  Secure Shell (Reference)

Part VI Kerberos Service

19.  Introduction to the Kerberos Service

20.  Planning for the Kerberos Service

21.  Configuring the Kerberos Service (Tasks)

22.  Kerberos Error Messages and Troubleshooting

Kerberos Error Messages

SEAM Tool Error Messages

Common Kerberos Error Messages (A-M)

Common Kerberos Error Messages (N-Z)

Kerberos Troubleshooting

How to Identify Problems With Key Version Numbers

Problems With the Format of the krb5.conf File

Problems Propagating the Kerberos Database

Problems Mounting a Kerberized NFS File System

Problems Authenticating as the root User

Observing Mapping From GSS Credentials to UNIX Credentials

Using DTrace With the Kerberos Service

23.  Administering Kerberos Principals and Policies (Tasks)

24.  Using Kerberos Applications (Tasks)

25.  The Kerberos Service (Reference)

Part VII Auditing in Oracle Solaris

26.  Auditing (Overview)

27.  Planning for Auditing

28.  Managing Auditing (Tasks)

29.  Auditing (Reference)



Using DTrace With the Kerberos Service

In this example, you would like to know if pre-authentication is required by a KDC, and if so what pre-authentication types are supported. First, as a privileged user, create a D program source file, like the following:

# cat kerberos_preauth.d
    self->preauth = args[1]->kerror_error_code ==
        "KDC_ERR_PREAUTH_REQUIRED(25)" ?  "required" : "not required";
    printf(" - Preauthentication is %s for this KDC.\n", self->preauth);

/ self->preauth == "required" /
    printf(" - This KDC supports the following preauth types: %s.",

Next, compile the preauth.d source file to get your answer.

# dtrace -qs kerberos_preauth.d -c "kinit -k"
 - Preauthentication is required for this KDC.
 - This KDC supports the following preauth types: ENC_TIMESTAMP(2)

For more information about the various pre-authentication types see RFC 4120.