Many Thanks for the information.
Srini
-> -Original Message-
-> From: Sam Hartman [mailto:[EMAIL PROTECTED]]
-> Sent: Tuesday, April 23, 2002 11:13 PM
-> To: [EMAIL PROTECTED]
-> Subject: Re: RFC 1510bis versus RFC 1510
->
->
-> > "Srinivas" == Srinivas Cheruku
-> <[EMAIL PROTECTE
Can anyone share some info about how you are securing Mac OS 9?
Right now we are testing MacAdministrator but their pricing is much
higher than we would like to pay for the 300+ clients in our labs.
We would like to know about some other options.
We help maintain a labs deployment page at http
We are about to implement kerberos authentication in our open access
labs, which will include Mac OS 9.x, Mac OS X, and Windows 2000
clients. Both of the options we are considering would entail a
couple of UNIX-based KDC's to handle Userid/Password authentication
for both Macs and PCs. Our t
David Magda <[EMAIL PROTECTED]> writes:
> Can you try, as root:
>
> cd /usr/ports/security/openssh
> make KERBEROS5=yes install clean
>
> You may want to look at http://www.freebsd.org/ports/ for more
> information.
Oops. There's also /usr/ports/security/openssh-portable.
Check the Makefile
Marc <[EMAIL PROTECTED]> writes:
> Hello,
>
> I am trying to compile OpenSSH 3.1p1 with the GSSAPI into it so I
> applied the patches like that:
>
> cd openssh-3.1p1
Why are you compiling the source by hand? One of FreeBSD's greatest
strengths is its ports system.
Can you try, as root:
cd /u
Where will we fear after Marla converses the open fire's draper?
"ART AND ALL THAT JAZZ" is a gallery on the Healdsburg Plaza
that incorporates the two passions of its owner, Jessica Felix -
art and jazz.
Jessica is an artist whose medium is jewelry. She creates what she calls
"spirited art," sp
Figured it out. Was a hostname /host principal issue.
On Tue, 2002-04-23 at 14:08, Austin Gonyou wrote:
> I've recently setup kpropd through xinetd on a slave kdc. That works
> fine, but is incorrect as far as the FS layout is concerned.
>
> I've opted to use kpropd in stand alone mode on 3 dif
> "Douglas" == Douglas E Engert <[EMAIL PROTECTED]> writes:
Douglas> Can you say who the author is? I would like to see this
Douglas> in 1.2.5 or the following release. We could reomve our
Douglas> mods from ftpd which in effect call ak5log.
As a general rule, we change our rele
I've recently setup kpropd through xinetd on a slave kdc. That works
fine, but is incorrect as far as the FS layout is concerned.
I've opted to use kpropd in stand alone mode on 3 different ports, 754,
755, 756 on the slave, and that part seems to be working fine.
When I attempt to run kprop fr
Hrm..that is strange. Did you replace login entirely with login.krb5(via
symlink or some such thing?) That could be part of the problem. If you
have pam_krb5.so, you should probably use that and configure pam to do
what you want, otherwise, I don't think it will be possible.
On Tue, 2002-04-23
Marc ([EMAIL PROTECTED]) wrote:
: First I had to copy over gss-serv.c, gss-genr.c and kexgss.c from the
: compilation of GSSAPI in OpenSSH on my linux box because somehow patch
: didn't create those files on FreeBSD (know why ???). So then I did a:
Sounds like patch is doing something very wie
Can you say who the author is? I would like to see this in
1.2.5 or the following release. We could reomve our mods from
ftpd which in effect call ak5log.
Sam Hartman wrote:
>
> > "Ken" == Ken Hornstein <[EMAIL PROTECTED]> writes:
>
> >> Currently I'm using SSH with GSSAPI and pam_krb
Ken Hornstein ([EMAIL PROTECTED]) wrote:
: But if you're doing GSSAPI, then pam is never being invoked, right?
No, if PAM support is enabled then the account and session portions of the
ssh PAM stack will be invoked, even for a GSSAPI login. This enables things
like the gaining of additional cred
On Tue, Apr 23, 2002 at 01:58:50PM -0400, Nick M. Williams wrote:
>
> Simon's patches for OpenSSH use PAM. I believe the Solaris telnetd and
> friends do as well, yes, even with kerberos-authenticated clients. The
> key is to either not bother calling pam_authenticate() (the user *is*
> authentic
Simon's patches for OpenSSH use PAM. I believe the Solaris telnetd and
friends do as well, yes, even with kerberos-authenticated clients. The
key is to either not bother calling pam_authenticate() (the user *is*
authenticated already) or call it but use a PAM_SERVICE name configured
to just retur
Austin Gonyou wrote:
> Assign a password to the root user. It will use that first.
>
> On Tue, 2002-04-23 at 10:46, Marc wrote:
>
>>Hello,
>>
>>In this situation I am using Linux Slackware 8 with a 2.2 kernel and
>>with MIT Kerberos 1.2.4. I have installed the login.krb5 instead of the
>>nor
Austin Gonyou wrote:
> Assign a password to the root user. It will use that first.
>
> On Tue, 2002-04-23 at 10:46, Marc wrote:
>
>>Hello,
>>
>>In this situation I am using Linux Slackware 8 with a 2.2 kernel and
>>with MIT Kerberos 1.2.4. I have installed the login.krb5 instead of the
>>nor
> "Srinivas" == Srinivas Cheruku <[EMAIL PROTECTED]> writes:
Srinivas> Hi all, What is RFC 1510bis? How is it different from
Srinivas> RFC 1510 standard?
Srinivas> RFC 1510bis is mentioned in the PKINIT Draft 16.
Look at draft-ietf-krb-wg-kerberos-clarifications. There will als
> "Ken" == Ken Hornstein <[EMAIL PROTECTED]> writes:
>> Currently I'm using SSH with GSSAPI and pam_krb5 support. In
>> /etc/profile (and/or pam config for ssh) I'm getting the AFS
>> token, so it's possible to use AFS as home when doing
>> interactive logins with SSH.
K
Austin Gonyou wrote:
> You need to make sure you're using autoconf 2.5x, 2.53 I believe is the
> latest stable. VERY important.
I used autoconf 2.52_2 which comes from the ports of FreeBSD 4.5, is
that any good or should I try to find the latest version ?
Regards
Marc
>Currently I'm using SSH with GSSAPI and pam_krb5 support.
>In /etc/profile (and/or pam config for ssh) I'm getting
>the AFS token, so it's possible to use AFS as home when
>doing interactive logins with SSH.
But if you're doing GSSAPI, then pam is never being invoked, right?
Are users typing cle
You need to make sure you're using autoconf 2.5x, 2.53 I believe is the
latest stable. VERY important.
On Tue, 2002-04-23 at 09:12, Marc wrote:
> Hello,
>
> I am trying to compile OpenSSH 3.1p1 with the GSSAPI into it so I
> applied the patches like that:
>
> cd openssh-3.1p1
>
> patch < open
Assign a password to the root user. It will use that first.
On Tue, 2002-04-23 at 10:46, Marc wrote:
> Hello,
>
> In this situation I am using Linux Slackware 8 with a 2.2 kernel and
> with MIT Kerberos 1.2.4. I have installed the login.krb5 instead of the
> normal krb, my question is:
>
> I
Hello,
In this situation I am using Linux Slackware 8 with a 2.2 kernel and
with MIT Kerberos 1.2.4. I have installed the login.krb5 instead of the
normal krb, my question is:
Is it possible to avoid the root account to be checked against Kerberos
and instead make only the root account to be
I'm using the kerberized version of FTPd coming with
MIT Kerberos V. I'm about to move all my users to AFS
space. One thing that struck me, is what to do with
the AFS token...
Currently I'm using SSH with GSSAPI and pam_krb5 support.
In /etc/profile (and/or pam config for ssh) I'm getting
the AFS
The realm you have created is SUB.COMPANY.COM
and your krb5.conf file does not have this realm listed in the realms
option.
Remove all the other realms from the krb5.conf and add realm SUB.COMPANY.COM
in the krb5.conf.
Also change the default realm to the SUB.COMPANY.COM
Srini
-> -Original
Hello,
I am trying to compile OpenSSH 3.1p1 with the GSSAPI into it so I
applied the patches like that:
cd openssh-3.1p1
patch < openssh-mit-krb5-20020326.diff
patch < openssh-3.1p1-gssapi-20020325.diff
autoreconf
./configure --with-kerberos5 --sysconfdir=/etc/ssh
First I had to copy over gs
Hi all,
What is RFC 1510bis? How is it different from RFC 1510 standard?
RFC 1510bis is mentioned in the PKINIT Draft 16.
Can anyone throw some light on this?
Thanks in Advance,
Srini
*
Disclaimer: The information in this e-m
I shouldn't think so. File system security can only be set on NTFS
volumes. AFAIK the security API's are present in Win9x, but do nothing
and probably return an error. There should perhaps be a version check
at the beginning (by calling GetVersion()) which causes the function
to do nothing and ret
Sam Hartman wrote:
>>"Marc" == Marc Horowitz <[EMAIL PROTECTED]> writes:
>>
>
> Marc> [EMAIL PROTECTED] ("Jacques A. Vidrine") writes:
> >>> If you send messages to this list with an incorrect or forged
> >>> `From:' address, do not expect replies.
>
> Marc> He's been ge
All HGH (Human Growth Hormone) products are not the same.
There are three different types of products.
Yet, all three are advertised as if they where the same.
The three types are:
1) Homeopathic HGH
2) Pre-cursor HGH
3) Real or synthetic HGH (delivered by injection
or, by
Have You Heard of Human Growth Hormone (HGH)?
Released by your own pituitary gland, HGH starts declining
in your 20s, even more in your 30s and 40s, eventually resulting
in the shrinkage of major organs -- plus, all
other symptoms related to old age.
All HGH (Human Growth Hormone) p
32 matches
Mail list logo