HP-UX Reference (11i v2 03/08) - 5 Miscellaneous Topics, 7 Device (Special) Files, 9 General Information, Index (vol 9)
s
sis(5) sis(5)
will accompany this error message.
This error message will also be generated if the user attempts to access a non-secure remote system.
In which case, this message will be preceded by the message: "To bypass Kerberos authentication,
use the -P option".
This error is reported by ftp, rlogin and telnet.
ERROR! Kerberos-specific options are invalid with the -P option.
The -P command line option indicates that Kerberos authentication should not be performed. If
any Kerberos-specific options are also specified on the command line, then they are in contradiction
to this request.
For
remsh and rlogin, this means the
-P option can not be used in conjunction with the -F,
-f or -k options.
For
rcp this means the -P
option can not be used in conjunction with the -k option.
For
telnet, this means the
-P option cannot be used in conjunction with the -a or -l options.
WARNING! Password will be sent in a non-secure manner.
WARNING! Kerberos authentication will be bypassed.
The user has specified the -P option on the command line to access a non-secure remote system or
to bypass a bad configuration in the Kerberos environment.
In the cases where a password is requested, the
-P command line option will cause the password to
be sent across the network in a readable form where it could possibly be intercepted or captured.
It is recommended that the user corrects a bad configuration and only uses the
-P option if the
remote system is non-secure.
The first warning is reported by
ftp, rlogin, and telnet. The second warning is reported by
rcp. remsh could report either warning depending upon whether a password is required.
Error messages reported in the syslog by the SIS daemons
ERROR! Access denied. Kerberos authentication must succeed.
The daemon was started with the -A command line switch to ensure that non-secure access by
remote systems will be denied. The user cannot access the remote system unless the local system
has been configured for secure access.
This error is logged by
ftpd and telnetd.
ERROR! Principal <principal> (<remote_user>@<remote_host>) logging in
as <local_user> has no account.
The "local_user" does not have a valid password file entry.
This error is logged by all SIS daemons.
ERROR! Principal <principal> (<remote_user>@<remote_host>) logging in
as <local_user> failed krb5_userok.
Authentication succeeded but authorization failed. The user should verify that their user name is
listed in ˜/.k5login or in the aname file on the remote system. The user’s ˜/.k5login must
have the correct permissions and must be owned by the user (i.e., -rw-r--r--).
This error is logged by all SIS daemons.
ERROR! Principal <principal> (<remote_user>@<remote_host>) logging in
as <local_user> failed ruserok.
The /etc/hosts.equiv or ˜/.rhost files are missing or are not set up properly to authorize
"local_user" (see ruserok(3N)).
This error is logged by rlogind or remshd if they are started with the
-R, -r or -k options.
SEE ALSO
ftp(1), kinit(1), kdestroy(1), klist(1), krbval(1M), rcp(1), remsh(1), rlogin(1), telnet(1), dce_intro(1M),
dce_login(1M), dess_login(1M), ftpd(1M), remshd(1M), rlogind(1M), telnetd(1M), dess(5).
HP-UX 11i Version 2: August 2003 − 3 − Hewlett-Packard Company Section 5−−287