AIX telnet settings are not usually explained or configured on their own, so using them on an AIX system involves a fair amount of configuration. This article shows how to use Kerberos authentication tickets with everyday network services on IBM AIX V6, and how Kerberos spares you from entering passwords when logging on to a network service. It is another way to achieve single sign-on (SSO) across a network of AIX systems.
Introduction
Network applications in AIX, such as telnet, FTP, rlogin, rsh, rcp, and the other r commands, support Kerberos authentication. All the administrator needs to do is install and configure Kerberos, and configure the AIX system to use Kerberos for authentication. With Kerberos authentication, once you have a valid Kerberos ticket (obtained either manually with /usr/krb5/bin/kinit or through integrated login), network applications can use this ticket as your authentication token, and once authentication succeeds you do not need to enter a password to gain access.
Basic Configuration
To enable Kerberos authentication, you need some general basic configuration on both the Kerberos side and the AIX side. Let's take a look at these settings.
Kerberos Configuration
Designate one server machine as the Kerberos master Key Distribution Center (KDC). This machine is responsible for all Kerberos-related tasks, such as ticket generation and user authentication. The administrator needs to install and configure IBM Network Authentication Service (IBM NAS) on this machine, preferably version 1.4.0.7 or later, as the master KDC.
On all other machines in the network where you will use telnet, FTP, or the r commands to log on, install and configure IBM NAS as a client of the master KDC.
On the machines where the telnet/FTP daemons run and to which you will connect from the clients, also install and configure IBM NAS as a client of the master KDC.
For a complete description of the installation and configuration of IBM NAS servers and clients, see the IBM NAS Version 5.3 Administration Guide included in the AIX Version 1.4 Expansion Pack CD.
For the examples in this article, I refer to the example Kerberos environment. Figure 1 shows the environment and logical information flow.
Figure 1: Example of a successful Kerberized telnet operation
The following definitions are used throughout this article:
Kerberos administrator name: admin/admin
Kerberos realm name: ISL.IN.IBM.COM
IBM NAS 1.4.0.7 master KDC: host name land.in.ibm.com, port 88, operating system AIX 5.3
IBM NAS 1.4.0.7 management server: host name land.in.ibm.com, port 749, operating system AIX 5.3
IBM NAS 1.4.0.7 client: host name fakir.in.ibm.com, operating system AIX 6.1
Machine running the telnet service: host name fsaix005.in.ibm.com, port 23, operating system AIX 5.3
Machine running the FTP service: host name fsaix005.in.ibm.com, port 21, operating system AIX 5.3
Check and synchronize the time on all machines; the difference should not exceed 5 minutes. To check that the Kerberos configuration is correct, run '/usr/krb5/bin/kinit admin/admin' followed by '/usr/krb5/bin/klist' and confirm that a Kerberos ticket is obtained, then run '/usr/krb5/sbin/kadmin -p admin/admin' to confirm that the time difference and the other settings are in order.
AIX authentication configuration in the AIX telnet settings
To ensure that all network applications attempt Kerberos authentication before performing password-based standard authentication, the administrator needs to change the authentication method preferences on all AIX computers.
The '/usr/bin/lsauthent' command displays the current Authentication Mode preferences.
- bash-2.05b# /usr/bin/lsauthent
- Standard Aix
To change the Authentication Mode preferences, run the '/usr/bin/chauthent' command.
- bash-2.05b# /usr/bin/chauthent -k5 -std
Now '/usr/bin/lsauthent' should display something similar to the following:
- bash-2.05b# /usr/bin/lsauthent
- Kerberos 5
- Standard Aix
In the AIX telnet settings, be sure to keep -std, the password-based standard authentication method, as the backup authentication method. Otherwise, if Kerberos login cannot be made to work, you will not be able to log on to the system.
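The preference check described above can be scripted for auditing several hosts. The following is an added example, not part of the original article: the function name check_authent_order and its return codes are assumptions, and it assumes lsauthent lists the methods in preference order, as in the output shown above.

```shell
#!/bin/sh
# Added example (not from the original article): audit lsauthent output.
# Reads the output of /usr/bin/lsauthent on stdin and returns:
#   0  Kerberos 5 is tried first and Standard AIX remains as the fallback
#   1  Kerberos 5 is not listed, so services only do password authentication
#   2  Standard AIX is not listed, so a broken Kerberos setup locks you out
#   3  both are listed, but Standard AIX is tried before Kerberos 5
check_authent_order() {
    krb_pos=0 std_pos=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Compare case-insensitively; the article shows "Kerberos 5" and "Standard Aix".
        lower=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
        case "$lower" in
            *"kerberos 5"*)   if [ "$krb_pos" -eq 0 ]; then krb_pos=$n; fi ;;
            *"standard aix"*) if [ "$std_pos" -eq 0 ]; then std_pos=$n; fi ;;
        esac
    done
    if [ "$krb_pos" -eq 0 ]; then
        echo "FAIL: Kerberos 5 not enabled; run: /usr/bin/chauthent -k5 -std" >&2
        return 1
    fi
    if [ "$std_pos" -eq 0 ]; then
        echo "FAIL: no Standard AIX fallback; run: /usr/bin/chauthent -k5 -std" >&2
        return 2
    fi
    if [ "$std_pos" -lt "$krb_pos" ]; then
        echo "FAIL: Standard AIX is tried before Kerberos 5" >&2
        return 3
    fi
    echo "OK: Kerberos 5 preferred, Standard AIX kept as fallback"
    return 0
}

# On an AIX host, audit the live setting; on other systems this is skipped.
if [ -x /usr/bin/lsauthent ]; then
    /usr/bin/lsauthent | check_authent_order
fi
```

Return code 2 is the lockout case the article warns about, so it is worth treating as a blocking finding before closing the session used to run chauthent.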