Re: Odd Kermit Kerberos problem

In article , Donn Cave <[EMAIL PROTECTED]> wrote: : Quoth [EMAIL PROTECTED] (Ed Ravin): : | I encountered a very odd problem with Kermit and Kerberized : | telnet today. I tried to use kermit to connect to a host: : | : | $ kermit -J serverhost : |DNS Lookup..

Re: kdb5_util dump on host1 && kdb5_util load on host2

> "turbo" == Turbo Fredriksson <[EMAIL PROTECTED]> writes: > "Sam" == Sam Hartman <[EMAIL PROTECTED]> writes: Sam> Why didn't just copying the stash file work? turbo> Don't know. It claimed integrity problems, that's all know.. Unfortunately, I seem to recall that the stash file is by

RE: OpenSSH problem on Solaris 8

Yes. That can be done with GSS-API. There was a thread about that on krbdev a few weeks ago - the upshot is that two small changes are needed in MIT's GSS-API implementation for it to work. > In other words, wait to see what ticket (initiator credentials) you > get from the client, and then se

Re: OpenSSH problem on Solaris 8

On Wed, May 22, 2002 at 02:34:02PM -0400, [EMAIL PROTECTED] wrote: > > Ideally the acceptor name is irrelevant to the acceptor. After all, > the ability to accept a sec context implies having the necessary and > valid keytab entries available, and that is good enough IMHO. Such > behaviour would

Re: OpenSSH problem on Solaris 8

On Wed, May 22, 2002 at 10:28:03AM -0500, Steve Langasek wrote: > I would love it if you could send these patches to me (or to the list), > because it would save me the trouble of writing them. I have a two-node > high availability cluster here that I'd like to use kerberized ssh on, > and it bug

RE: OpenSSH problem on Solaris 8

Ideally the acceptor name is irrelevant to the acceptor. After all, the ability to accept a sec context implies having the necessary and valid keytab entries available, and that is good enough IMHO. Such behaviour would be necessary on virtualized servers. For the acceptor to accept GSS contex

RE: OpenSSH problem on Solaris 8

I've seen problems like this caused by incorrect resolv.conf setup or inconsistency between the DNS RRs for the host and the host's configuration. Nico -- > -Original Message- > From: Marc [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 22, 2002 12:23 PM > To: [EMAIL PROTECTED] > S

Re: kdb5_util dump on host1 && kdb5_util load on host2

> "Turbo" == Turbo Fredriksson <[EMAIL PROTECTED]> writes: > "Sam" == Sam Hartman <[EMAIL PROTECTED]> writes: Sam> You're not using the same master key on master and slave. Turbo> No, and I don't want to... This configuration is not supported and will not easily work. All the

Re: kdb5_util dump on host1 && kdb5_util load on host2

> "Sam" == Sam Hartman <[EMAIL PROTECTED]> writes: Sam> Why didn't just copying the stash file work? Don't know. It claimed integrity problems, that's all know.. . -- NORAD tritium Rule Psix nitrate Qaddafi terrorist assassination 767 North Korea arrangements Peking jihad $400 million

Logging Microsoft Win2K KDC

I was wondering if anyone had tried enabling logging on the KDC on Windows 2000. Microsoft say a registry entry of, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters Registry Value: LogLevel Value Type: REG_DWORD Value Data: 0x1 and a reboot should enable it. However

Re: OpenSSH problem on Solaris 8

An easy way around this problem is to ensure that your host/machine exists as that name in DNS. If it's a small network, that's usually not a problem. So, in DNS, have machine as a PTR and machine.domain as the A record. Add *only* the host/machine@REALM to the kdc as a principal, then your kerbe

Re: OpenSSH problem on Solaris 8

Jacques A. Vidrine wrote: > On Wed, May 22, 2002 at 03:56:48PM +0200, Marc wrote: > >>yes hostname is the same output except that with hostname i don't get >>the domainname. >> > > That might be the problem. Try setting your hostname to the FQDN. > Incredible, I setted hostname to reflect m

Re: OpenSSH problem on Solaris 8

On Wed, May 22, 2002 at 08:32:55AM -0500, Jacques A. Vidrine wrote: > On Wed, May 22, 2002 at 01:42:54PM +0200, Marc wrote: > > Well that's strange because I have one: > > bash-2.03# klist -k > > Keytab name: FILE:/etc/krb5/krb5.keytab > > KVNO Principal > > > >

Re: kdb5_util dump on host1 && kdb5_util load on host2

Why didn't just copying the stash file work? Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos

Re: OpenSSH problem on Solaris 8

On Wed, May 22, 2002 at 03:56:48PM +0200, Marc wrote: > yes hostname is the same output except that with hostname i don't get > the domainname. That might be the problem. Try setting your hostname to the FQDN. -- Jacques A. Vidrine <[EMAIL PROTECTED]> http://www.nectar.cc/ NTT/

Re: OpenSSH problem on Solaris 8

Jacques A. Vidrine wrote: > Is `hostname.domain.com' the same as the output of the hostname > command? yes hostname is the same output except that with hostname i don't get the domainname. > If I recall correctly, Simon's modifications indirectly use > gethostname() to determine the server

jobstor.com - Data Storage Job Board

Title: Untitled Document Finally A Job Board for the Data Storage Industry www.jobstor.com You are receiving this email because you have been identified as an individual within the data storage industry. jobstor.com went live last week

Re: OpenSSH problem on Solaris 8

On Wed, May 22, 2002 at 01:42:54PM +0200, Marc wrote: > Well that's strange because I have one: > > bash-2.03# klist -k > Keytab name: FILE:/etc/krb5/krb5.keytab > KVNO Principal > > -- > 1 host/hostname.domain.com@

Re: OpenSSH problem on Solaris 8

Simon Wilkinson wrote: > Marc ([EMAIL PROTECTED]) wrote: > : Well that's strange because I have one: > : 1 host/hostname.domain.com@REALM > > Apologies for the stupid question - but this isn't literally > host/hostname.domain.com@REALM, > > but rather > host/mymachine.mydomain@MYREALM > (wi

Re: OpenSSH problem on Solaris 8

Marc ([EMAIL PROTECTED]) wrote: : Well that's strange because I have one: : 1 host/hostname.domain.com@REALM Apologies for the stupid question - but this isn't literally host/hostname.domain.com@REALM, but rather host/mymachine.mydomain@MYREALM (with mymachine, mydomain and MYREALM replaced

Re: OpenSSH problem on Solaris 8

> "Marc" == Marc <[EMAIL PROTECTED]> writes: Marc> bash-2.03# ./sshd -d -p 999 Marc> [...] Marc> 1 host/hostname.domain.com@REALM Yes, but you don't have a 'host/localhost@REALM'... Doing the ssh command above, fall backs to 'localhost' (usually anyway) -- World Trade Center io

Re: OpenSSH problem on Solaris 8

Simon Wilkinson wrote: > Marc ([EMAIL PROTECTED]) wrote: > : debug1: No principal in keytab matches desired name > > This is your problem. You need a host/ principal in the default > keytab (probably /etc/krb5.keytab) of the server. > > Cheers, > > Simon. > > Well that's strange because I h

Re: OpenSSH problem on Solaris 8

Marc ([EMAIL PROTECTED]) wrote: : debug1: No principal in keytab matches desired name This is your problem. You need a host/ principal in the default keytab (probably /etc/krb5.keytab) of the server. Cheers, Simon. Kerberos mailing list

Re: kdb5_util dump on host1 && kdb5_util load on host2

ured it out! Weee :) This is the way I did it, could this be added to some howto? - s n i p - 1. Create database and stash file a. kdb5_util create -s => Use whatever password, it's to be removed/changed. 2. Load the database dump a. kdb5_util load krb5-20020522 =

OpenSSH problem on Solaris 8

Hello, I have installed OpenSSH 3.1p1 with the patches applied from swx.co.uk but it still somehow doesn't work, here is the output of a -d on the server: bash-2.03# ./sshd -d -p 999 debug1: sshd version OpenSSH_3.1p1 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done:

Re: problems compiling krb5.1.2 on solaris 8

Someone with the apparently bogus e-mail address Marc <[EMAIL PROTECTED]> writes: > > making all in include/kerberosIV... > > cd . && autoheader --localdir=../. > > sh: autoheader: not found > > It looks like you need GNU autoconf... autoconf is typically something a developer would run, after