Set up a Kerberized environment to work with Solaris 10 and learn how to configure a Key Distribution Center on AIX Version 5.3. You’ll also run through a series of steps for configuring a Kerberos client on Solaris 10 to authenticate users for Telnet, remote shell, and Secure Shell using AIX 5.3 as your KDC.
Secure Kerberized Authentication on Solaris Using AIX
Submitted by anonymous 2006-11-09 Unix 10 Comments
Did a double take on that title.
You could easily setup the kerberos environment to authenticate against Active Directory as well.
This is a really hard way to setup Kerberos on Solaris 10. There is a much simpler way to do the client setup using the kclient command. It deals with the setup of the configuration files.
The main problem with this article though is that it recommends a VERY BAD practice of using ftp to transfer the keytab file. This is a cardinal sin for Kerberos config as you have just transfered raw keys in the keytab file over the network using a unsecured ftp connection.
The pam.conf for Solaris is also wrong it is missing at least one critical additional entry for pam_unix_cred which must be in all PAM stacks where the authenticated entity is a unix account.