Paul asked:
I am connecting by SSH to a RHEL6 server.
When I SSH into the box, I am challenged for my Linux username/password (which is a shared account):
username: mySharedLinuxUser
pass for mySharedLinuxUser: password123
then I am prompted again for my personal employee number and personal network password:
domain username: 111222
password for [email protected]: my$uper$ecurePasswordHere
I believe the latter bit is done with Kerberos (I see references to ‘kinit’ which I’ve learned is a Kerberos thing).
However, the Kerberos docs are vast and confusing and I am but a mere confused Java dev.
How can I print the Kerberos username/employee number ‘111222’ after I’ve already logged in?
For example, if I wanted to do person-specific logging while someone is logged in as a service account (“John deployed .war file 1234.war at 6:15am using the generic account… Mary deployed .war file 4321.war at 7:21am using the generic account” etc.)
I’m sure the server already does this somewhere for audit purposes, but I can’t find any examples of it.
Thanks!
My answer:
You can use the klist command to show your Kerberos principal and cached tickets. For example:
$ klist
Ticket cache: KCM:1000
Default principal: [email protected]

Valid starting       Expires              Service principal
08/13/2019 15:00:46  08/14/2019 15:00:23  krbtgt/[email protected]
        renew until 08/20/2019 15:00:23
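For the person-specific logging the question asks about, the "Default principal" line of that output can be pulled out and attached to each action. The script below is an added example, not part of the original answer; the function names and the realm EXAMPLE.COM in the constructed sample output are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer): label actions taken under a
# shared account with the Kerberos principal that klist reports.
# Function names and the sample realm EXAMPLE.COM are assumptions.

# Constructed klist output, modelled on the answer above.
SAMPLE_KLIST='Ticket cache: KCM:1000
Default principal: 111222@EXAMPLE.COM

Valid starting       Expires              Service principal
08/13/2019 15:00:46  08/14/2019 15:00:23  krbtgt/EXAMPLE.COM@EXAMPLE.COM'

# Read klist output on stdin and print the default principal.
# Returns 1 when there is no "Default principal:" line (no ticket cache).
principal_from_klist() {
    awk -F': *' '/^Default principal:/ { print $2; found = 1; exit }
                 END { exit !found }'
}

# Accept only primary[/instance]@REALM built from safe characters, so a
# crafted value cannot add fields or line breaks to the audit record.
valid_principal() {
    case "$1" in
        ''|*[!A-Za-z0-9._/@-]*) return 1 ;;
        *@*) return 0 ;;
        *) return 1 ;;
    esac
}

# Principal of the current session, taken from a live "klist" call.
current_principal() {
    p=$(klist 2>/dev/null | principal_from_klist) || return 1
    valid_principal "$p" && printf '%s\n' "$p"
}

# One audit line: UTC time, Unix account, Kerberos principal, action ($2).
audit_line() {
    printf '%s account=%s principal=%s action="%s"\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -un)" "$1" "$2"
}

# Demo on the constructed sample; on a real host use "$(current_principal)".
who=$(printf '%s\n' "$SAMPLE_KLIST" | principal_from_klist)
valid_principal "$who" && audit_line "$who" "deployed 1234.war"
```

The credential cache is writable by the account that owns it, and sessions of a shared account can end up using the same cache, so treat this value as a convenience label in application logs, not as audit evidence.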
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.