I am connecting by SSH to a RHEL6 server.
When I SSH into the box, I am challenged for my Linux username/password (which is a shared account):
username: mySharedLinuxUser
pass for mySharedLinuxUser: password123
Then I am prompted again for my personal employee number and personal network password:
domain username: 111222
password for 111222@defaultDomain: my$uper$ecurePasswordHere
I believe the latter bit is done with Kerberos (I see references to 'kinit', which I've learned is a Kerberos thing).
However, the Kerberos docs are vast and confusing and I am but a mere confused Java dev.
How can I print the Kerberos username/employee number '111222' after I've already logged in?
For example, if I wanted to do person-specific logging while someone is logged in as a service account ("John deployed .war file 1234.war at 6:15am using the generic account… Mary deployed .war file 4321.war at 7:21am using the generic account" etc).
I'm sure the server already does this somewhere for audit purposes, but I can't find any examples of it.
Thanks!
Best Answer
You can use the klist command to show your Kerberos principal and cached tickets. For example:
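An added example, not part of the original answer: a shell sketch of the person-specific logging the question asks for, reading the principal from the "Default principal:" line that MIT klist prints. The function names, the log line layout and the sample klist output are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve the Kerberos principal behind a shared login and
# build a per-person audit line. All function names are hypothetical.

# Extract the principal from klist output supplied on stdin.
# MIT klist prints a line of the form "Default principal: user@REALM".
principal_from_klist() {
    sed -n 's/^Default principal:[[:space:]]*//p' | head -n 1
}

# Print the principal of the current credential cache.
# Fails (non-zero) when klist is missing or there is no ticket cache.
current_principal() {
    out=$(klist 2>/dev/null) || return 1
    p=$(printf '%s\n' "$out" | principal_from_klist)
    [ -n "$p" ] || return 1
    printf '%s\n' "$p"
}

# Build one audit line: UTC timestamp, person, shared account, action.
# $1 = principal, $2 = action text
audit_line() {
    printf '%s principal=%s account=%s action=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$(id -un)" "$2"
}

# Log a deployment; falls back to "unknown" rather than dropping the event.
# $1 = artifact name, e.g. 1234.war
log_deploy() {
    p=$(current_principal) || p="unknown"
    audit_line "$p" "deploy $1"
}

# Constructed sample of klist output, used to exercise the parser offline.
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_500
Default principal: 111222@defaultDomain

Valid starting     Expires            Service principal
01/01/14 06:00:00  01/01/14 16:00:00  krbtgt/defaultDomain@defaultDomain'

# Caveat: klist reads whichever cache KRB5CCNAME points to, and the caller
# sets that variable. Under a shared Unix account, treat the result as an
# attribution aid for logs, not as proof of who ran the command.
```

Calling `log_deploy 1234.war` from the deploy script prints one line that can be appended to a log file or piped to `logger`.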