[EMAIL PROTECTED] (Cesar Garcia) wrote in
[EMAIL PROTECTED]:">news:[EMAIL PROTECTED]:
>
> I gather your application is multithreaded, or at least built
> with threads in mind ...
>
> You should build your kerberos libs with -D_REENTRANT.
Yes my application is multi-threaded however I do have
I gather your application is multithreaded, or at least built
with threads in mind ...
You should build your kerberos libs with -D_REENTRANT.
At least in 1.2.2, the problem begins in src/util/profile/prof_file.c in the
profile_update_file method, where a stat is done to look for the
krb5.conf f
This problem seems to be an old one (http://groups.google.com/groups?selm=
6ogf07%247pg%241%40news.appliedtheory.com&output=gplain), but I cannot find
out an answer.
We are running on Solaris 8 (E10K ultra SPARC 8processor domain)... it only
occurs when running within a shared object called by
Booker C. Bense ([EMAIL PROTECTED]) wrote:
: - Umich had a similar scheme a while ago.
Umich's scheme is still available. We're using the code in prototype form
locally. Its comprised of a client / server which is used to get short lived
X509 certificates based on the user's Kerberos credentials.
Running on SPARC Solaris - I have written a function auth(name,password) that
works whilst in a normal user app.
However when I call this function from within a plugin (just a specially
written .so) for iPlanet Directory Server 5.1, the following call
if (retval = krb5_init_context(&kcon
Quoth [EMAIL PROTECTED] ("Booker C. Bense"):
| On 5 Feb 2002, Donn Cave wrote:
[ ... re http://www.washington.edu/computing/pubcookie/ vs. Kerberos ]
|> Only inasmuch as the Kerberos authentication server can be used to
|> validate passwords. The proxy, if that's the right term, can get
|> a Ker
On 5 Feb 2002, Donn Cave wrote:
> Quoth [EMAIL PROTECTED] ("Booker C. Bense"):
> | On Mon, 4 Feb 2002, Stephen A. Cochran wrote:
> ...
> | > There are various other solutions, the ones's I've found are listed below:
> | >
> | > - The proxy method: a web server that acts as the kerberos proxy and
Hmm. So I thought you could stick multiple credentials into a
krb_cred message. If so, then you could probably forward the
appropriate proxiable tickets with telnet or rsh.
I wonder if the server would dump core.;-)
Quoth [EMAIL PROTECTED] ("Booker C. Bense"):
| On Mon, 4 Feb 2002, Stephen A. Cochran wrote:
...
| > There are various other solutions, the ones's I've found are listed below:
| >
| > - The proxy method: a web server that acts as the kerberos proxy and holds
| > the tickets, and then hands out coo
On Mon, 4 Feb 2002, Stephen A. Cochran wrote:
>
> I'm curious what other sites are doing for http authentication using
> Kerberos. There have been various projects in the past, but none have been
> the perfect solution (kerberos built into the browsers).
>
> We've been using Sidecar here at dartm
On Mon, Feb 04, 2002 at 07:01:43PM -0500, Marc Horowitz wrote:
> It requires no changes to the protocol or KDC to use the local TGT to
> get forwardable service tickets for the short list of specific
> services you care about, and forward those.
As long as the list is short... :)
>
On Mon, Feb 04, 2002 at 07:08:23PM -0500, Sam Hartman wrote:
> But it seems you colud use proxy tickets to get what you want.
Only as long as it's possible to forward multiple proxy tickets on
request over telnet/ssh/http/whatever.
That's not possible now.
One approach to deal with that might
Here is a Apache kerberos module:
http://stonecold.unity.ncsu.edu/software/mod_auth_kerb/
Also, if your OS and web server supports PAM, you could try to find a
kerberos PAM module.
Steve
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 04, 2002
Check out the kx509 form University of Michgan.
http://www.citi.umich.edu/projects/kerb_pki/
It uses Kerberos to authenticate to a CA to get a short term certiifcate based
on the lifetime of the Kerberos ticket.
The certificate and key are then saved in the the ticket cache, and a browser plug
14 matches
Mail list logo
