On Tue, 2015-12-01 at 11:34 -0500, Marc Boorshtein wrote:
> Simo & Team,
>
> After talking to the OpenJDK security list it turned out there is a
> bug in JDK8. The issue is fixed in JDK9 and after testing I'm running
> into a new issue. Same scenario described earlier in this email
> chain, but
On Tue, 2015-12-01 at 11:55 -0500, Marc Boorshtein wrote:
> >
> > How do you acquire the user ticket ?
> >
>
> Using a keytab. Here's a link to the example code I'm using:
> https://github.com/ymartin59/java-kerberos-sfudemo I have Java set to
> use IPA as the DNS server and I'm passing in
>
> How do you acquire the user ticket ?
>
Using a keytab. Here's a link to the example code I'm using:
https://github.com/ymartin59/java-kerberos-sfudemo I have Java set to
use IPA as the DNS server and I'm passing in mmosley as the user to
impersonate and HTTP/freeipa.rhelent.lan as the
FreeIPA Team,
I've created a plugin for working with freeipa, but right now its
using reverse engineered JSON that I then turned into Java POJOs. It
works but I'd like to have something a bit better managed. Is there
any documentation or a place in the code base I can look for a more
formal
On Tue, 2015-12-01 at 12:55 -0500, Marc Boorshtein wrote:
> I can now get a ticket! This is how I originally created the user:
>
> $ kinit admin
> $ ipa service-add HTTP/s4u.rhelent@rhelent.lan --ok-as-delegate=true
ok-as-delegate != ok_to_auth_as_delegate ...
I know, it is a little
I can now get a ticket! This is how I originally created the user:
$ kinit admin
$ ipa service-add HTTP/s4u.rhelent@rhelent.lan --ok-as-delegate=true
Here's the object in the directory:
dn: krbprincipalname=HTTP/s4u.rhelent@rhelent.lan,cn=services,cn=accounts,
dc=rhelent,dc=lan
Got it. BTW, with that java 8 s4u2self works too. Thanks again for the help!
Marc Boorshtein
CTO, Tremolo Security, Inc.
On Dec 1, 2015 1:14 PM, "Simo Sorce" wrote:
> On Tue, 2015-12-01 at 12:55 -0500, Marc Boorshtein wrote:
> > I can now get a ticket! This is how I originally
Marc Boorshtein wrote:
> FreeIPA Team,
>
> I've created a plugin for working with freeipa, but right now its
> using reverse engineered JSON that I then turned into Java POJOs. It
> works but I'd like to have something a bit better managed. Is there
> any documentation or a place in the code
What projects (including my own) doesn't need better docs? :-) Once I
publish the work I'm doing part of that will have a step-by-step on
getting this setup. It was pretty easy really if you are comfortable
with LDAP.
Marc Boorshtein
CTO Tremolo Security
marc.boorsht...@tremolosecurity.com
(703)
>
> IPA 4.2 has an experimental API browser in the GUI, IPA Server -> API
> browser.
>
has 4.2 made it into centos 7 yet? or only in fedora?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more
Great. Doesn't look like its made it into CentOS yet (still at 7.1).
OK, going to go ahead and get it running on Fedora 23.
Thanks
Marc Boorshtein
CTO Tremolo Security
marc.boorsht...@tremolosecurity.com
(703) 828-4902
On Tue, Dec 1, 2015 at 1:42 PM, Rob Crittenden wrote:
Looks like I needed to try a couple of options for the /etc/ldap.conf file.
Eventually, the original line of 'pam_password md5’ seemed to be causing the
error message. I commented it out and I’ll assume by doing so, that its using
‘clear text’ for the LDAP call. I’m using SSL/TLS so I’ll try
Thank you for the quick reply and a solution.
I will try it in the next couple of days.
Regards,
Gašper
On Tue, Dec 1, 2015 at 2:51 PM, Martin Kosek wrote:
> On 12/01/2015 02:41 PM, Simo Sorce wrote:
> > On Tue, 2015-12-01 at 12:57 +0100, Martin Kosek wrote:
> >> On
On 11/30/2015 02:25 PM, Gašper Bregar wrote:
> I have been strugling with FreeIPA and AD password sync for a couple of
> days now. At first everything was working fine, but then all of a sudden
> the synchronization started to fail for me and another user.
>
> The error in passsync log was
>
>
On Tue, 2015-12-01 at 12:57 +0100, Martin Kosek wrote:
> On 11/30/2015 02:25 PM, Gašper Bregar wrote:
> > I have been strugling with FreeIPA and AD password sync for a couple of
> > days now. At first everything was working fine, but then all of a sudden
> > the synchronization started to fail for
On 12/01/2015 02:41 PM, Simo Sorce wrote:
> On Tue, 2015-12-01 at 12:57 +0100, Martin Kosek wrote:
>> On 11/30/2015 02:25 PM, Gašper Bregar wrote:
>>> I have been strugling with FreeIPA and AD password sync for a couple of
>>> days now. At first everything was working fine, but then all of a
16 matches
Mail list logo