Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

pmontoya21_d7c47b

1 Message

1513

October 3rd, 2013 14:00

How to Set maximum number of passwords to retain in Kerberos authentication

For any given CIFS Server, the EMC Celerra provides a CLI command that allows one to to "set maximum number of passwords to retain in Kerberos authentication" (page 80).  The default value is 2.  Page 25 explains why this is important.


https://mydocs.emc.com/VNXDocs/CIFS.pdf

How does one do the same thing for a CIFS server on an Isilon system?

1 Attachment

christopher_ime

2K Posts

October 3rd, 2013 21:00

Firstly, welcome to the forums, and above all, thank you for being an EMC customer.

Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility.  Questions written to the users' own "Discussions" space don't get the same amount of attention and can go unanswered for a long time. 

You can do so by selecting "Move" under ACTIONS along the upper-right.  Then search for and select: "Isilon Support Forum".

Anonymous

5 Practitioner

 • 

274.2K Posts

October 16th, 2013 10:00

Per Tim W     Establish an SSH connection to any node in the cluster.

2.      Run the isi auth krb5command with the add, modify, or delete sub-command to specify which entries to modify in the Kerberos configuration file.

For usage information, see the OneFS Command Reference, Managing Active Directory providers 61

******* Kudos to Christopher Imes for the isi auth output below.

ISILON7-1# isi auth krb5 list
krb5cfg.defaults.always_send_preauth=True
krb5cfg.defaults.default_realm=
krb5cfg.defaults.default_tkt_enctypes=RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
krb5cfg.defaults.dns_lookup_realm=True
krb5cfg.defaults.default_keytab_name=
krb5cfg.defaults.permitted_enctypes=RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
krb5cfg.defaults.dns_lookup_kdc=True
krb5cfg.defaults.preferred_enctypes=RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
krb5cfg.defaults.default_tgs_enctypes=RC4-HMAC DES-CBC-MD5 DES-CBC-CRC


Authentication and access control

3. Propagate the changes to the Kerberos configuration file by running theisi auth krb5 writecommand.

By default, changes are written to the global Kerberos configuration file, / etc/krb5.conf. To update the Kerberos configuration file for Active Directory, use the --path option to specify the /etc/likewise-krb5-ad.conf file.

Best regards,

Garland

View More

View All

No Events found!

Top