Re: experiences with krb clients on guest wireless networks?
Hi, the best solution as far as I know would be a IP over DNS tunnel. That works even when using other DNS servers is prohibited, but it is almost certainly illegal in the US (in Europe it is) to use them to circumvent port blocking. This will get you around almost all fascist firewalls and censorship systems. If you just want to get Kerberos working in most environments (i.e. not some authoritarian dictatorships like Saudi Arabia or China) just using port 443 should be completely sufficient. Best Regards, Benjamin signature.asc Description: Digital signature Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
remctld on windows XP
Hi Everyone, Looking at the remctl web site, it says that the remctl server is not supported on windows. We would like to use remctld on Windows XP. What would be involved in making that work? Is that possible? Thanks, Jason Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: experiences with krb clients on guest wireless networks?
On Thu, 2010-02-25 at 22:13 -0500, Abe Singer wrote: Some of our users have had the problem of being on guest wireless networks (e.g. at universities) which are heavily firewalled, blocking everything except tcp ports 22, 80, and 443 (and sometimes udp/tcp 53). Needless to say, clients can't talk to our KDC from that network. It doesn't help you now, but we're hoping that IAKERB (due out in 1.9) can eventually help with this situation, although it will require app support. With IAKERB, heavily firewalled clients can get tickets using app servers as a proxy, without trusting the app server like you would sending the password. Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: remctld on windows
Jeffrey Altman wrote: On 2/25/2010 9:52 PM, Russ Allbery wrote: Jason Edgecombe ja...@rampaginggeek.com writes: Dang. Thanks. The drawback to the Java server implementation is that it doesn't actually run anything, just provides a Java class that handles the protocol and lets you get the command to do with what you want. But with that said, if you have any Java developers on staff, you may want to try that approach and see if that gives you what you want. I expect to have some resources allocated to do additional work on the Java code (both client and server) within the next six months if there's anything anyone would particularly like to see. The important question is what commands do you want to execute on Windows using remctld? I want to add a remctl interface to Network Identity Manager for the client side and create a native remctld that adds commands via a dll based plugin interface for the server side. Jeffrey Altman We want to have a tool for our help desk students to list and kill processes for other users on workstations along with being able to trigger a remote shutdown or reboot. Sincerely, Jason Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: remctld on windows
Jason Edgecombe ja...@rampaginggeek.com wrote: We want to have a tool for our help desk students to list and kill processes for other users on workstations along with being able to trigger a remote shutdown or reboot. Tasklist.exe, taskkill.exe and shutdown.exe are already on Windows systems and already do this, assuming you have the proper admin share access enabled on the remote system. The more generic psexec.exe is available from sysinternals: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx and the Linux version of it at: http://eol.ovh.org/winexe/ There is also the wmic.exe command and its associated options: http://technet.microsoft.com/en-us/library/bb742610.aspx CDC Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: remctld on windows
Christopher D. Clausen wrote: Jason Edgecombe ja...@rampaginggeek.com wrote: We want to have a tool for our help desk students to list and kill processes for other users on workstations along with being able to trigger a remote shutdown or reboot. Tasklist.exe, taskkill.exe and shutdown.exe are already on Windows systems and already do this, assuming you have the proper admin share access enabled on the remote system. The more generic psexec.exe is available from sysinternals: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx and the Linux version of it at: http://eol.ovh.org/winexe/ There is also the wmic.exe command and its associated options: http://technet.microsoft.com/en-us/library/bb742610.aspx Can this be run by non-priviledged used without needing the admin password? I need a kind of remote sudo to do the task list and such, preferably cross-platform. We have an in-house system that I would like to replace for various reasons. Jason Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: remctld on windows
Jason Edgecombe ja...@rampaginggeek.com wrote: Christopher D. Clausen wrote: Jason Edgecombe ja...@rampaginggeek.com wrote: We want to have a tool for our help desk students to list and kill processes for other users on workstations along with being able to trigger a remote shutdown or reboot. Tasklist.exe, taskkill.exe and shutdown.exe are already on Windows systems and already do this, assuming you have the proper admin share access enabled on the remote system. The more generic psexec.exe is available from sysinternals: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx and the Linux version of it at: http://eol.ovh.org/winexe/ There is also the wmic.exe command and its associated options: http://technet.microsoft.com/en-us/library/bb742610.aspx Can this be run by non-priviledged used without needing the admin password? I need a kind of remote sudo to do the task list and such, preferably cross-platform. We have an in-house system that I would like to replace for various reasons. I am fairly certain you can grant the ability to force shutdown from a remote system without needing a user to be in the Administrators group on a system. Not sure about the other commands. I'd hope not just anyone could start killing my processes though, that would be bad. - You could have remctld on non-windows call commands using http://eol.ovh.org/winexe/ with the appropriate parameters passed in. This actually might be simpler as you could keep the credentials used for authentication on the single system running remctld and ACL commands there to subsets of computers instead of needing to configure remctld on every computer. In theory the user on the remctl side only needs permission to make the call through remctld and it will have embedded credentials to access the system. CDC Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos