Re: Krb5.conf environment variable
It's KRB5_CONFIG. >>>Barnaby, Marty L <[EMAIL PROTECTED]> 08/16/05 3:49 am >>> I've used this successfully before, but now I can't find it. Could someone please tell me the name of the environment variable to use my own krb5.conf file. Marty Barnaby Sandia National Laboratories Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Krb5.conf environment variable
I've used this successfully before, but now I can't find it. Could someone please tell me the name of the environment variable to use my own krb5.conf file. Marty Barnaby Sandia National Laboratories Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
RE: Kerberos ticket access to MS Exchange
Did anyone have any luck with GSSAPI in SMTP and POP? This suggests that they support it. http://www.msexchange.org/tutorials/Telnet-Exchange2003-POP3-SMTP-Troubl eshooting.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Hornstein Sent: Monday, August 01, 2005 12:34 PM To: kerberos@mit.edu Subject: Re: Kerberos ticket access to MS Exchange >something that will eventually not work anyway. The funny thing is, if >you are going to store passwords on your Microsoft AD server acting as >a KDC, then what is the point of having a KDC in the first place...in >terms of Microsoft authentication? This is why I say that Microsoft >uses Kerberos just to appease the 'nix natives. It certainly has >little use in their own products. To be fair to Microsoft ... they do seem to use Kerberos in a number of places. E.g., their instant messaging protocol is Kerberized (I verified that with a network sniffer). From my conversations with Microsoft people, the reason Exchange doesn't do GSSAPI-authenticate IMAP really seems to be more tied up in lack of interest in the Exchange group (for what reason, I dunno). --Ken Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Mail.app with multiple accounts using Kerberos
I've been trying to get Mail.app to work simultaneously with my IMAP accounts at two institutions, each of which uses Kerberos authentication. The best I've been able to do as of yet is to acquire tickets for each realm, then manually switch primary tickets and the online status of the mailboxes. Is there a more efficient way to get Mail or another program to correctly present the appropriate ticket to each server? Thanks, Ross Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: Memory Leak problems with krb5_get_init_creds_password?
On Fri, Aug 12, 2005 at 05:44:21PM -0700, Chet Burgess wrote: > All, > I am having a problem with the krb5_get_init_creds_password > API call. It looks like it is causing a memory leak, or perhaps I am > not freeing things properly. I am trying to write a pretty simple > plugin to an existing application to do kerberos authentication. While > I got everything working properly and authenticating, during a 12-hour > stress test I noticed a 4.5GB memory leak. For those curious, the problem is/was the fact that solaris resolver does not have a call to free the memory allocated by res_ninit(). Since the kerberos code calls this to search DNS for TXT and SRV records in attempt to find the REALM for a server and the KDC(s) for a REALM it needs to use the resolver and this was causing the leak. The work around I found is by placing the REALM and KDC(s) in the krb5.conf file and also adding "dns_fallback = false" to the [libdefaults] section. The "dns_fallback" options tells the libraries to use only the config file and to never try DNS when trying to find a REALM and KDC(s). It is important to note that even if you have the REALM and KDC(s) listed in the file properly the library will still try DNS first, so you MUST add "dns_fallback = false" to turn off the resolver calls. -- Chet Burgess Manager, Enterprise Collaboration Services Information Services Division University of Southern California [EMAIL PROTECTED] 213-740-5160 Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
