HP-UX Reference (11i v2 04/09) - 5 Miscellaneous Topics (vol 9)
s
sis(5) sis(5)
will accompany this error message.
This error message will also be generated if the user attempts to access a nonsecure remote system.
In which case, this message will be preceded by the message:
To bypass Kerberos
authentication, use the -P option .
This error is reported by ftp, rlogin and telnet.
ERROR! Kerberos-specific options are invalid with the -P option.
The -P command-line option indicates that Kerberos authentication should not be performed. If
any Kerberos-specific options are also specified on the command line, then they are in contradiction
to this request.
For
remsh and rlogin, this means the
-P option can not be used in conjunction with the -F, -f
,
or
-k options.
For
rcp this means the -P
option can not be used in conjunction with the -k option.
For
telnet, this means the
-P option cannot be used in conjunction with the -a or -l options.
WARNING! Password will be sent in a non-secure manner.
WARNING! Kerberos authentication will be bypassed.
The user has specified the -P option on the command line to access a nonsecure remote system or
to bypass a bad configuration in the Kerberos environment.
In the cases where a password is requested, the
-P command-line option will cause the password to
be sent across the network in a readable form where it could possibly be intercepted or captured.
It is recommended that the user corrects a bad configuration and only uses the
-P option if the
remote system is nonsecure.
The first warning is reported by
ftp, rlogin, and telnet. The second warning is reported by
rcp. remsh could report either warning depending upon whether a password is required.
Error Messages Reported in the syslog by the SIS Daemons
ERROR! Access denied. Kerberos authentication must succeed.
The daemon was started with the -A command-line option to ensure that nonsecure access by
remote systems will be denied. The user cannot access the remote system unless the local system
has been configured for secure access.
This error is logged by
ftpd and telnetd.
ERROR! Principal principal (remote_user @remote_host ) logging in as local_user has no
account.
The local_user does not have a valid password file entry.
This error is logged by all SIS daemons.
ERROR! Principal principal (remote_user @remote_host ) logging in as local_user failed
krb5_userok.
Authentication succeeded but authorization failed. The user should verify that their user name is
listed in ˜/.k5login or in the aname file on the remote system. The user’s ˜/.k5login must
have the correct permissions and must be owned by the user (that is, -rw-r--r--).
This error is logged by all SIS daemons.
ERROR! Principal principal (remote_user @remote_host ) logging in as local_user failed
ruserok.
The /etc/hosts.equiv or ˜/.rhost files are missing or are not set up properly to authorize
local_user (see ruserok (3N)).
This error is logged by
rlogind or remshd if they are started with the -R, -r,or-k options.
SEE ALSO
ftp(1), kinit(1), kdestroy(1), klist(1), krbval(1M), rcp(1), remsh(1), rlogin(1), telnet(1), dce_intro(1M),
dce_login(1M), dess_login(1M), ftpd(1M), remshd(1M), rlogind(1M), telnetd(1M), dess(5).
HP-UX 11i Version 2: September 2004 − 3 − Hewlett-Packard Company Section 5−−333