User ID/password

Similar Messages

• How to change SSO user's password: Get LDAP URL

  Hi,
  I would like to add a 'change user SSO password' form to my BC4J application. The form's submit button fires an action that calls a PL/SQL package. This package receives 7 parameters, and uses de dbms_ldap package to change the user's password.
  Parameters:
  - LDAP Host
  - LDAP Port
  - User DN
  - SSO Username
  - Old Password
  - New Password
  - Retyped New Password (for confirmation)
  I'm trying with a DataForwardAction event whose purpose is to get the user's account information and the LDAP location, but I can't get the LDAP Location (ClassCastException) and the SSOUsername (NullPointerException).
  I'm using JDeveloper 10.1.2.0.0 (Build 1811)
  My question is: ¿What am I doing wrong? ¿Is there any easier way to do this?
  The code is below:
  import javax.servlet.http.HttpServletRequest;
  import oracle.adf.controller.struts.actions.DataActionContext;
  import oracle.adf.controller.struts.actions.DataForwardAction;
  import oracle.security.jazn.JAZNConfig;
  import oracle.security.jazn.spi.ldap.LDAPJAZNProvider;
  public class ChgPwdAction extends DataForwardAction
    public void onChange(DataActionContext ctx) throws Exception
      HttpServletRequest request = ctx.getHttpServletRequest();
      String host                = null;
      String port                = null;
      String userDN              = null;
      String SSOUsername         = null;
      String oldPwd              = null;
      String newPwd              = null;
      String confirmNewPwd       = null;
      try
        LDAPJAZNProvider ldapProvider = (LDAPJAZNProvider)JAZNConfig.getJAZNConfig().getJAZNProvider();
        host = ldapProvider.getJAZNConfig().getLocationURL().getHost();
        port = "" + ldapProvider.getJAZNConfig().getLocationURL().getPort();
      catch (ClassCastException e)
        //System.out.println(e);
        throw new Exception("Missing LDAP location");
      try
        userDN = request.getHeader("Osso-User-Dn");
      catch (NullPointerException e)
        //System.out.println(e);
        throw new Exception("Missing User DN.");
      SSOUsername   = request.getRemoteUser();
      oldPwd        = (String)request.getParameter("oldPwd");
      newPwd        = (String)request.getParameter("newPwd");
      confirmNewPwd = (String)request.getParameter("confirmNewPwd");
      request.setAttribute("Host", host);
      request.setAttribute("Port", port);
      request.setAttribute("UserDN", userDN);
      request.setAttribute("SSOUsername", SSOUsername);
      request.setAttribute("OldPwd", (String)ctx.getHttpServletRequest().getParameter("oldPwd"));
      request.setAttribute("NewPwd", (String)ctx.getHttpServletRequest().getParameter("newPwd"));
      request.setAttribute("ConfirmNewPwd", (String)ctx.getHttpServletRequest().getParameter("confirmNewPwd"));
      //System.out.println (userDN + "-" + SSOUsername);
    // To override a method of the lifecycle, go to
    // the main menu "Tools/Override Methods...".
  }Thanks in advance.

  Hi again,
  First of all, thanks for your reply.
  Yes, I know I can use JNDI instead of a call to a PL/SQL package (I visited this link: http://forum.java.sun.com/thread.jspa?threadID=592611&start=0 that explains how to do it), but in both cases I have the same problem: I don't know if it's possible to get the LDAP's environment specifications (PROVIDER_URL, SECURITY_PROTOCOL) dynamically.
  Our production environment's LDAP is not the same as our development environment's LDAP. This is why I want to get this information dynamically.
  I think that this information is stored in the jazn.xml file: Is there any way to get this information?
  Thanks a lot.

• Question on how to Hide the User Name, Password, and Domain fields in the MDT Wizard

  MDT 2012 U1
  Deploying Windows 7 via Offline Media (ISO) to MS Virtual PC's
  I am looking on how to Hide the User Name, Password, and Domain fields which are prepopulated in the MDT wizard via the CS.ini (Not so concerned about the Domain field as I am User Name and Password)
  We do need the Computer Name and OU fields to be seen, so skipping the wizard is not a option
  The client just does not want these fields to be seen by the end users, they dont want them to even know the account name used for adding the machine to the domain, of course the password is not displayed but it must not be displayed either.
  But since we use the fields they must still  be fuctional just not seen.
  Thanks.....
  If this post is helpful please click "Mark for answer", thanks! Kind regards

  You shouldn't have to edit DeployWiz_Definition_ENU.xml. You should only need to add "SkipAdminPassword=YES" to the CS.ini file and your authentication information.
  Example:
  [Settings]
  Priority=Default
  Properties=MyCustomProperty
  [Default]
  OSInstall=Y
  SkipCapture=NO
  SkipAdminPassword=YES
  UserID=<MyUserID>
  UserPassword=<MyPassword>
  UserDomain=<MyDomain.com>
  SkipProductKey=NO
  SkipComputerBackup=YES
  SkipBitLocker=NO
  -Nick O.
  Nick,
  SkipAdminPassword=YES is for:
  You can skip the Administrator Password wizard page by using this property in the
  customsettings.ini.
  I am hidding the Username/Password/and domain field in the computer name Wizard pane which is read from the cs.iniDomainAdmin=xxxxx
  DomainAdminPassword=xxxxx
  DomainAdminDomain=xxxxxx
  JoinDomain=xxxxxx
  If this post is helpful please click "Mark for answer", thanks! Kind regards

• Linking to an OBIEE report without showing the user and password

  Hi!
  we are trying to access to an obiee report from an external portal (coded with php).
  The idea is that the user clicks on a link an gets the report in pdf format. For that purpose we are using this url:
  http://ttivobiee01:7001/analytics/saw.dll?Go&Path=/shared/Prueba/ogp_obi&Action=Print&P0=1&P1=eq&P2="Criteria"."Key"&P3=1402&NQuser=user&NQPassword=pass&format=pdf
  But this url is expossing OBIEE's user and password.
  In order to avoid this security issue we tried to do an wget of the url but it doesn't return the report. Instead we get an html, which seams to download the report chunk by chunk (using javaScript).
  The question is, is there any way that we could let our portal ussers access to an obbie report without expossing the user and password?
  I have been looking into oracle forums and have found this: OBIEE Go URL with password protected
  but we couldn't use this aproach due to security issues.
  Thanks!
  Nuria

  Hi!
  We have finally done this (and it works!)
  <?php
  $urlInforme='http://obi:7001/analytics/saw.dll?Go&Path=/shared/Prueba/ogp_obi&Action=Print&P0=1&P1=eq&P2="Criterios"."Clave oficial"&P3=1402&NQuser=user&NQPassword=pass&format=pdf';
  $ch = curl_init($urlInforme);
  $ckfile = tempnam ("./", "CURLCOOKIE");
  $ch = curl_init ($urlInforme);
  curl_setopt ($ch, CURLOPT_COOKIEJAR, $ckfile);
  curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
  $output = curl_exec ($ch);
  $ch = curl_init ($urlInforme);
  curl_setopt ($ch, CURLOPT_COOKIEFILE, $ckfile);
  curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
  $fp = fopen("salida.pdf", "w");
  curl_setopt($ch, CURLOPT_FILE, $fp);
  $output = curl_exec ($ch);
  curl_close($ch);
  fclose($fp);

• I tried to upgrade the ios on the phone and I was asked for my icloud user and password. I don't remember these exactly and I tried several times with different options but unsuccessfully. I also forget my email used to configurate the phone.

  How i said on the question. I tried to upgrade the ios on the phone and I was asked for my icloud user and password. I don’t remember these exactly and I tried several times with different options but unsuccessfully. I also forget my email used to configurate the phone. I have the phone box and the bill. I sent you an email with my problem and attachments with the box informations, the bill and the reset request. What to do? You said to me:
  Your request comes from an unrecognized email domain. Apple accepts email requests only from email domains for Apple-authorized carriers.
  Please re-submit your request using your official carrier domain.
  but this email is authorized, what to do??
                                                                                                            respectfully, Beba

  If you have forgotten then these links are the only way to resolve
  http://www.apple.com/support/appleid/
  As long as you have owned the iPhone from new and your Apple id is the one used to activate when new
  OR have you recently purchased the iPhone secondhand ?

• I'm trying to get into game center to download some things. Enter user id/password then keep getting a "you are not part of this/the administrator group" then a cancel or retry command. What do I do? (I am using a friends wi-fi) What d

  I am trying to get into the Game Center and download some apps. I enter my user id/password the keep getting a "you are not part of the/this administrators group" message then a cancel/retry command. What do I do to become part of this/the administrators group? I am using a friend's wi-fi...Help!

  I am trying to get into the Game Center and download some apps. I enter my user id/password the keep getting a "you are not part of the/this administrators group" message then a cancel/retry command. What do I do to become part of this/the administrators group? I am using a friend's wi-fi...Help!

• How can I Change a User's password remotely

  Hi all
  I setup an iChat Server. I need to allow the users the ability to change their password without physically accessing the server (including via Remote Managment)
  Thow some iChat(jabber) Clients support changing the password, the iChat Server does not appear to have this option.
  Is there any way to remotely change a user's password ?
  A possible solution would be to setup a Webpage allowing the user to logon and change the Password.
  Is there any web managment tool on OS X Server for this ?
  Any other sugestions?
  Thanks,
  Best regards

  This is getting depressing. I've just speand most of a day getting the OID to support ldaps SSL protocol, since I read that a number of active directory services only allow password change if the connection is encrypted. Finally got my ldaps connection, but the NoPermissionException is still there. The user I'm signing on as is definitely has user security management permissions. I can't seem to modify attributes at all. I added my own optional attribute to the schema, but JNDI can't set it.
  Perhaps the oracle LDAP library in jpdk might help, but I'm not hopeful. If I could find any API documentation I might be more moved to try, but I see no setPassword methods in the relavant classes. This just looks like a fairly thin wrapper for JNDI anyway.
  Does anyone know where the API doc for oracle.ldap.* is? Has anyone got a password to change other than by the SSO's built in change password dialog?
  I'm not hopeful. On these boards I've found many questions along these lines but, thus far, no answers.

• I am trying to sign in to attend a session and it says 'Invalid user or password. Please try again.' I have reset my password and it still doesn't work. I created a new AdobeID and it still doesn't work. I need to attend this training. How can I get in?

  I am trying to sign in to attend a session and it says 'Invalid user or password. Please try again.' I have reset my password and it still doesn't work. I created a new AdobeID and it still doesn't work. I need to attend this training. How can I get in?

  Sorry to hear about this problem. What site are you trying to log in on? Is it a Mozilla site? Usually you don't need to register or sign in to a Mozilla site to use Firefox. Usually you can just go straight to where you want to go.

• HT1515 Will Airport Express work in hotels in China? They require user name/password to connect. Has anyone used one there?

  I will be traveling in China with my iPad2 and want to use hotel wireless. It requires a sign-in with user name/password.  Can I use an Airport Express for this purpose? How do I set it up for that? I have an old Express (pre-2007); can I use it or do I need to upgrade to the new model?

  OK - I have never been to China but the posts here say that it can be done - the cable from the hotel should be connected to the WAN port of the Express - the Express should be in bridge mode and set to create a wireless network with a name and password of your choice - you can do this with a computer before you leave for China or with the iPad if you have previously downloaded the Airport Utility app - you would then connect to your network and attempt to bring up a web page such as Google - the hotel should then intervene and ask you for the login info that they have provided.
  Charlie

• How to reset the forgotten Windows user account password

  I need Toshiba password reset! How do I reset Toshiba laptop? I would be appreciated if you help me Toshiba password recovery, etc. Well, so frequently to meet these problems in our lives. Today, we together share some ways to reset Toshiba password.
  Solution1: Toshiba recovery disks help reset lost password
  It only works if we created the recovery disks or CD before we forgot the password. The following listed are the steps to reset disk for Toshiba Windows 7 recovery:
  a. Start PC, log on Windows 7 and insert an USB flash drive into the driver.
  b. Start -> Control Panel -> User Accounts and Family Safety -> User Accounts -> Create a password reset disk.
  c. In welcome screen click Next and select the inserted USB flash drive, click Next.
  d. Input the login password in the password field and click Next. When progress indicator shows 100% complete, click Finish to exit. Remove the USB driver from PC.
  The method is similar to create a Toshiba recovery CD. Now, the Toshiba Windows 7 password recovery disk is ok. Put it in a safe place for people may use it to reset your password.
  Steps to recover password with created Toshiba password reset disk:
  e. Click Reset Password in the Windows 7 logon window,
  f. Insert the created Toshiba recovery USB disk into the USB driver interface, and click Reset password" to open Password Reset Wizard. Click Next to continue.
  g. Choose this USB disk recovery Toshiba from the drop down box. Click Next to continue.
  h. Input a new password and re-input it again to confirm. Click Next and then Finish to close the wizard.
  Solution2: Reset Toshiba laptop by accounts with administrator rights
  If there is default or built-in admin account or other accounts with administrator privileges and rights, we can use it for Toshiba password bypass. Take Toshiba XP recovery as example:
  A. Boot system from Safe Mode by pressing F8 when PC stars.
  B. Access PC with the available account with administrator rights and privileges.
  C. Start - Local Users and Groups lusrmgr.msc in the Search box ENTER - Local Users and Groups - choose Users.
  D. Right click the account with unlocked password, select Set Password and then input and confirm the new password.
  Solution3: Reset Toshiba password with burned ISO image file
  We can burn an .iso image file into a bootable USB disk or CD/DVD and reset the forgotten password easily and quickly. Take one of the most popular Windows password reset tool Ainorsoft Windows Password Recovery as example:
  a. Download the program from an accessible PC;
  b. Burn its .iso file to a blank CD/DVD or USB disk;
  c. Bypass the lost Toshiba password with the burned CD/DVD on the locked PC.
  Things will not be tricky if we know the methods for Toshiba password reset once we forgot Toshiba laptop password! Please also remember to share them with your friends!

  Thanks for sharing this but you are talking always about Toshiba passwordthis is wrong and I think this could be a little confusing this is a workaround for windows user account password.
  As far as I know there are no password set by Toshiba.
  The user can set the windows user account password if necessary so this workaround describes how to delete a Windows user account password which is common for all computers with preinstalled Windows OS.
  However, thanks for posting ;)

• File Adapter - anonymous login (or )User name ,password login - Efficient?

  Hi Folks,
  In File Adapter processing , anonymous login (or) proper user name password based login is recommended ?
  Because we have faced many issue while using username based login in File adapter  .
  Which one is best ?
  Regards.,
  Shiva

  Hi Shiva ,
  We will go one by one :
  You can go for the Anonymous login  but the problem is the any body can access the FTP server and it is not the secure one,that is why business generally don't allow the Anonymous login.
  Coming to Proper user name password login ,I would advice you to use this one as the connection is more secure in this case.But this also comes with a problem that the username password generally expires after some time as per security policy and you have to change the username password for the FTP server as well as in File adapter which you are using.But this problem can be solved by going for a permanent username and password.
  I would recommend you to go for Proper user name and password.
  Regards
  Ravi Anand
  Edited by: Ravi Anand@85 on Mar 12, 2010 7:56 AM

• External Web Service - User and password in HTTP header

  Hi!
  How is it possible to add user and password in the HTTP header in a external web service call? 
  I have created a "Portal Service from WSDL file - Client side" with the wizard in SAP Developer Studio.  I following the Java Development Guide - Web Service Security, and use the <i>secured service connection</i>.  I have also created a new <i>System Landscape</i>, but should the new system be based on HTTP, my own PAR or what?
  How can I check that the user and password is added to the HTTP header or the SOAP envelope? Do I have to scan http traffic with a proxy as Paros or can I find the request sent from SAP EP in the logs?
  Cheers
  Asle

  Hello All,
  I have been struggling a bit while putting a reasonable security framework on a jax-rpc style web service. I'm using JWSDP1.2 to set up the webservice. I've tried to outline my problem below. Please correct me where I'm wrong.
  I've been through the Sun's WS tutorials, but they are not really clear on security. However, from them I surmised that there are two decent authentication techniques. HTTP Basic and mutual authentication (MA) . Both have their drawbacks though. HTTP Basic suffers from poor encryption while MA is a bit difficult to set up on both client and server sides. Another problem with MA is that there is no central repository for users/passwords.
  OK, what I would really like to do is use my own user database to verify users/passwords i.e. use a HTTP Basic like authentication (but at application level) but run it over SSL for encryption. It seems simple, but is it possible?
  Also, I have noted that when I use HTTP Basic on the service side, and use a java client, then setting username/password has no effect. In other words, I can always access the web-service, even with wrong username/password.
  Sorry for the long post. Hope someone can help. Thanks.

• Error: sql.SQLError: [-4008] (at 1) Unknown user name/password combination

  Hello Experts,
  After a Test refresh for SCM system, we restored Livecache. The database has been changed and starts using database manager, during registration (Register LCApps) it gives the following error:
  Logical Command: DBMRFC
  Parameter: exec_lcinit register
  Name and Server     : LCQ - dusepierp12
  DBMRFC Function     : DBM_EXECUTE
  Command             : exec_lcinit register
  Error               : DBM Error
  Return Code         :     -24964
  Error Message       : ERR_EXECUTE: error in program execution#
  0,sap\lcinit LCQ  register -uDBM , -uDBA , -uSQL ,
  liveCache LCQ (register)
  The liveCache state is ONLINE
  DBMServer 7.6.04   Build 009-123-182-193
  Creating liveCache application procedures
  ERROR : liveCache LCQ not registered (see "s:\sapdb\data\wrk\LCQ\lcinit.log").
  START *****************************
  liveCache LCQ (register)
  Thu 07/30/2009
  10:26 PM
  installation path = S:\sapdb\LCQ\db
  OK
  DBMServer 7.6.04   Build 009-123-182-193
  Creating liveCache application procedures
  ERR
  -24964,ERR_EXECUTE: error in program execution
  1,""S:\sapdb\LCQ\db\bin\x_python" "S:\sapdb\LCQ\db\env\lapps.py" -R "S:\sapdb\LCQ\db" -d LCQ -u DBADMIN,*"
  Traceback----
  Error----
  sql.SQLError: [-4008] (at 1) Unknown user name/password combination
  Traceback (most recent call last):
    File "S:\sapdb\LCQ\db\env\lapps.py", line 38, in ?
      connectAndInstall (install, install.__doc__)
    File "S:\sapdb\LCQ\db\env\installib.py", line 398, in connectAndInstall
      session = connect (options)
    File "S:\sapdb\LCQ\db\env\installib.py", line 350, in connect
      alterUserNotExclusive(options)
    File "S:\sapdb\LCQ\db\env\installib.py", line 338, in alterUserNotExclusive
      session.release()
  AttributeError: 'NoneType' object has no attribute 'release'
  ERROR : liveCache LCQ not registered
  Thu 07/30/2009
  10:26 PM
  END ******************************
  Many Thanks,
  TIA,
  Nisch

  Nischal Mahakal wrote:>
  > Hello Experts,
  >
  > After a Test refresh for SCM system, we restored Livecache. The database has been changed and starts using database manager, during registration (Register LCApps) it gives the following error:
  > -24964,ERR_EXECUTE: error in program execution
  > 1,""S:\sapdb\LCQ\db\bin\x_python" "S:\sapdb\LCQ\db\env\lapps.py" -R "S:\sapdb\LCQ\db" -d LCQ -u DBADMIN,*"
  > -
  Traceback----
  Hi there,
  looks like you entered "DBADMIN" when you created the liveCache instance in DBMGUI as the DBM Operator.
  For SAP installations, this user is always named "CONTROL".
  So, drop the instance again, recreate it with "CONTROL" and re-do the recovery of the liveCache backup.
  regards,
  Lars

• HT1600 I have an Apple TV 2nd Gen, iPad 2 and can't get the icon to appear when i swipe from left to right. What am I missing? I am able to get the 'Home sharing' 'user and password on my Mac.

  I have an Apple TV 2nd Gen, iPad 2 and can't get the icon to appear when i swipe from left to right. What am I missing?
  I am able to get the 'Home sharing' 'user and password on my Mac.
  Also using IPad 2 I am able to get the ITunes to accept the user name and same password as the Mac.
  However, the only way I can see the 'Home sharing; icon is in Music on the Ipad. When I tap on the Icon it asks for a password.
  When I give the same password, it is rejected.
  Help!!!!
  Jaxxdiggs

  Personally I think the iOS devices are poor at reconnecting  - Airplay establishes that a link is available but when the iPhone/iPad has been away from the house and rejoins the network i think AppleTV already thinks it's connected with a different IP address and fails to recognise it has joined the network again with new credentials.
  Something along those lines anyway.
  I find that a combination of restarting AppleTV, router and iOS device tends to fix it, but not for everyone.
  AC

• How to automatically open browser window for getting user id & password

  i have created a jsp page, that page cannot be open by anyone anyway, it should be only visible to me only.
  how do i achieve this.
  my requirement is that whenever any one request for that jsp page, browser should automatically open one window and ask for user id & password, if it is right then the page should be displayed else error should be shown.

  Adding the following to web.xml will define security constraints for all resources under the /admin directory, also only a user in the manager role will have access to these resources.
  For tomcat you can look at the conf/tomcat-users.xml file for setting up users and roles
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Secure Pages</web-resource-name>
                 <description></description>
                 <url-pattern>/admin/*</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <description></description>
                 <role-name>manager</role-name>
            </auth-constraint>
       </security-constraint>
       <security-role>
            <description></description>
            <role-name>manager</role-name>
       </security-role>

• Irregular failure to authenticate OpenDirectory users via password-based ssh

  TL;DR - my Yosemite Open Directory server irregularly fails to properly authenticate users (via password-based ssh). 
  I recently moved an Open Directory server from an Xserve running 10.6 to a new Mini running 10.10.  I archived the OD config on the Xserve and then took it offline.  Then I brought the Mini online using the same hostname/IP address, created a new OD master using the archived configuration.  Everything seemed to work well, however sometimes the server will not authenticate users via password when logging in with ssh/sftp/scp.  This is also true of a few OS X machines that bind to the OD server (i.e. they usually authenticate users properly, but sometimes fail for no discernable reason). 
  The failures are only for password authentication using ssh.  Other mechanisms do not exhibit the auth failures.  For instance, AFP and SMB user auth never fails (with proper credentials).  Nor do users to a FileMaker Server machine that authenticate via the OD server have problems.  Public key based ssh authentication never fails.  Local accounts (non-OD, aka "Local Network Accounts") also do not fail using password-based authentication.
  The failures are irregular.  The only pattern that I can find at all is that sometimes when the failures start happening, they keep happening continuously until...at some point they work properly again.  That is, they may fail from 11:15 am to 2:01 pm, and if so, then all of them fail in that time range.  Sometimes that time range lasts seconds, sometimes it lasts hours.
  The time range failure pattern is host specific.  For instance, if password authentication is failing on the main OD server, authentication may be fine on the other bound machines.  If authentication is failing on one of the bound machines, then it may be fine on all others and fine on the OD server itself.
  The failure pattern does not seem to correlate to any other events or activity on the server (even remotely).  CPU utilization never gets above about 15%.  Memory utilization is similarly very low.  Network traffic is occasionally high, but it does not seem in any way related to the auth failures.  There are not other log messages that occur before or after the failures with any consistency.
  I've been monitoring the auth failures by attempting to login to the OD server and two other bound hosts once per minute so that I can tell when the auth is failing (before getting calls from the users). 
  The adaptive firewall is not running on the OD server.  Nor is any other firewall.
  Below are a comparison of the system.log entries for a failed and successful auth (I've stripped out those lines that are identical in both instances).  The log entries have been sanatized as described.
  Rebooting the OD server does not affect the bound clients' authentication.  Rebooting the OD server is problematic, and I cannot do it often.  When I do, sometimes failures start soon after reboot, and sometimes that don't come back for many hours - again, no discernable pattern.
  If anyone has any ideas what I can do to discover the source of this problem and come up with a solution, I'd very much appreciate it.  Note that I'm aware that I can export all users and group and reconstruct a new, clean OD master, but without the ability to save the passwords, this becomes a large logisitcal problem, and I'm saving it as a last resort (particularly since if it doesn't solve my problem, I will have inconvenienced many users and be right back in the same place).
  Thanks for reading.
  First failure:
      Feb 11 00:00:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:65373 for host/[email protected] [canonicalize, forwardable]
      Feb 11 00:00:20 odserver.myorg.gov opendirectoryd[67268]: GSSAPI Error:  Miscellaneous failure (see text (unable to reach any KDC in realm ODSERVER.MYORG.GOV, tried 2 KDCs (negative cache))
      Feb 11 00:00:20 odserver.myorg.gov sshd[72974]: error: PAM: authentication error for myusername from clienthost.myorg.gov via 10.50.50.50
      Feb 11 00:00:20 odserver.myorg.gov sshd[72974]: Connection closed by 10.50.50.99 [preauth]
  Now successful auth:
      Feb 11 01:03:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:63978 for host/[email protected] [canonicalize, forwardable]
      Feb 11 01:03:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:62346 for ldap/[email protected] [canonicalize, forwardable]
      Feb 11 01:03:20 odserver.myorg.gov sshd[73786]: Accepted keyboard-interactive/pam for myusername from 10.50.50.99 port 53361 ssh2
      Feb 11 01:03:20 odserver.myorg.gov NetAuthSysAgent[73789]: GetStatus: connecting to self not allowed
     Feb 11 01:03:20 odserver.myorg.gov NetAuthSysAgent[73789]: ERROR: AFP_GetServerInfo - connect failed 62
  I've sanitized the entries as follows, replacing...
  My username by myusername
  The ssh source host IP address by 10.50.50.99
  The ssh source hostname by clienthost.myorg.gov
  The server hostname by odserver.myorg.gov
  The server hostname (in caps) by ODSERVER.MYORG.GOV
  The server IP address by 10.50.50.50

  Hello James,
  I have not had a chance to look for the Router configuration document, however, for one of my certificate exams I did configure Authentication Proxy on an IOS router. The config for that lab was:
  aaa new-model
  aaa authentication login default group tacacs+ local
  aaa authorization auth-proxy default group tacacs+ local
  aaa session-id common
  ip auth-proxy name AUTHPROXY http inactivity-time 60
  interface FastEthernet0/0
  ip address 192.168.250.19 255.255.255.0
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface FastEthernet0/1
  ip address 192.168.200.120 255.255.255.0
  ip access-group 110 in
  ip nat inside
  ip virtual-reassembly
  ip auth-proxy AUTHPROXY
  duplex auto
  speed auto
  ip route 0.0.0.0 0.0.0.0 192.168.250.1
  ip http server
  ip http authentication aaa
  no ip http secure-server
  ip nat inside source list nat interface FastEthernet0/0 overload
  ip access-list extended nat
  permit ip 192.168.200.0 0.0.0.255 any
  access-list 110 permit ip any any
  tacacs-server host 192.168.250.20
  tacacs-server key cisco123
  end
  Please check if the commands are supported on your router as well.
  If this ws helpful please rate.
  Regards.