In article ,
Donn Cave <[EMAIL PROTECTED]> wrote:
: Quoth [EMAIL PROTECTED] (Ed Ravin):
: | I encountered a very odd problem with Kermit and Kerberized
: | telnet today. I tried to use kermit to connect to a host:
: |
: | $ kermit -J serverhost
: |DNS Lookup..
> "turbo" == Turbo Fredriksson <[EMAIL PROTECTED]> writes:
> "Sam" == Sam Hartman <[EMAIL PROTECTED]> writes:
Sam> Why didn't just copying the stash file work?
turbo> Don't know. It claimed integrity problems, that's all know..
Unfortunately, I seem to recall that the stash file is by
Yes. That can be done with GSS-API. There was a thread about that on krbdev a few
weeks ago - the upshot is that two small changes are needed in MIT's GSS-API
implementation for it to work.
> In other words, wait to see what ticket (initiator credentials) you
> get from the client, and then se
On Wed, May 22, 2002 at 02:34:02PM -0400, [EMAIL PROTECTED] wrote:
>
> Ideally the acceptor name is irrelevant to the acceptor. After all,
> the ability to accept a sec context implies having the necessary and
> valid keytab entries available, and that is good enough IMHO. Such
> behaviour would
On Wed, May 22, 2002 at 10:28:03AM -0500, Steve Langasek wrote:
> I would love it if you could send these patches to me (or to the list),
> because it would save me the trouble of writing them. I have a two-node
> high availability cluster here that I'd like to use kerberized ssh on,
> and it bug
Ideally the acceptor name is irrelevant to the acceptor. After all, the ability to
accept a sec context implies having the necessary and valid keytab entries available,
and that is good enough IMHO. Such behaviour would be necessary on virtualized servers.
For the acceptor to accept GSS contex
I've seen problems like this caused by incorrect resolv.conf setup or inconsistency
between the DNS RRs for the host and the host's configuration.
Nico
--
> -Original Message-
> From: Marc [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 12:23 PM
> To: [EMAIL PROTECTED]
> S
> "Turbo" == Turbo Fredriksson <[EMAIL PROTECTED]> writes:
> "Sam" == Sam Hartman <[EMAIL PROTECTED]> writes:
Sam> You're not using the same master key on master and slave.
Turbo> No, and I don't want to...
This configuration is not supported and will not easily work. All the
> "Sam" == Sam Hartman <[EMAIL PROTECTED]> writes:
Sam> Why didn't just copying the stash file work?
Don't know. It claimed integrity problems, that's all know..
.
--
NORAD tritium Rule Psix nitrate Qaddafi terrorist assassination 767
North Korea arrangements Peking jihad $400 million
I was wondering if anyone had tried enabling logging on the KDC on
Windows 2000. Microsoft say a registry entry of,
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Registry Value: LogLevel
Value Type: REG_DWORD
Value Data: 0x1
and a reboot should enable it. However
An easy way around this problem is to ensure that your host/machine
exists as that name in DNS. If it's a small network, that's usually not
a problem.
So, in DNS, have machine as a PTR and machine.domain as the A record.
Add *only* the host/machine@REALM to the kdc as a principal, then your
kerbe
Jacques A. Vidrine wrote:
> On Wed, May 22, 2002 at 03:56:48PM +0200, Marc wrote:
>
>>yes hostname is the same output except that with hostname i don't get
>>the domainname.
>>
>
> That might be the problem. Try setting your hostname to the FQDN.
>
Incredible, I setted hostname to reflect m
On Wed, May 22, 2002 at 08:32:55AM -0500, Jacques A. Vidrine wrote:
> On Wed, May 22, 2002 at 01:42:54PM +0200, Marc wrote:
> > Well that's strange because I have one:
> > bash-2.03# klist -k
> > Keytab name: FILE:/etc/krb5/krb5.keytab
> > KVNO Principal
> >
> >
Why didn't just copying the stash file work?
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
On Wed, May 22, 2002 at 03:56:48PM +0200, Marc wrote:
> yes hostname is the same output except that with hostname i don't get
> the domainname.
That might be the problem. Try setting your hostname to the FQDN.
--
Jacques A. Vidrine <[EMAIL PROTECTED]> http://www.nectar.cc/
NTT/
Jacques A. Vidrine wrote:
> Is `hostname.domain.com' the same as the output of the hostname
> command?
yes hostname is the same output except that with hostname i don't get
the domainname.
> If I recall correctly, Simon's modifications indirectly use
> gethostname() to determine the server
Title: Untitled Document
Finally A Job Board for the Data Storage Industry
www.jobstor.com
You are receiving this email because you have been identified as an individual
within the data storage industry.
jobstor.com went live last week
On Wed, May 22, 2002 at 01:42:54PM +0200, Marc wrote:
> Well that's strange because I have one:
>
> bash-2.03# klist -k
> Keytab name: FILE:/etc/krb5/krb5.keytab
> KVNO Principal
>
> --
> 1 host/hostname.domain.com@
Simon Wilkinson wrote:
> Marc ([EMAIL PROTECTED]) wrote:
> : Well that's strange because I have one:
> : 1 host/hostname.domain.com@REALM
>
> Apologies for the stupid question - but this isn't literally
> host/hostname.domain.com@REALM,
>
> but rather
> host/mymachine.mydomain@MYREALM
> (wi
Marc ([EMAIL PROTECTED]) wrote:
: Well that's strange because I have one:
: 1 host/hostname.domain.com@REALM
Apologies for the stupid question - but this isn't literally
host/hostname.domain.com@REALM,
but rather
host/mymachine.mydomain@MYREALM
(with mymachine, mydomain and MYREALM replaced
> "Marc" == Marc <[EMAIL PROTECTED]> writes:
Marc> bash-2.03# ./sshd -d -p 999
Marc> [...]
Marc> 1 host/hostname.domain.com@REALM
Yes, but you don't have a 'host/localhost@REALM'... Doing the
ssh command above, fall backs to 'localhost' (usually anyway)
--
World Trade Center io
Simon Wilkinson wrote:
> Marc ([EMAIL PROTECTED]) wrote:
> : debug1: No principal in keytab matches desired name
>
> This is your problem. You need a host/ principal in the default
> keytab (probably /etc/krb5.keytab) of the server.
>
> Cheers,
>
> Simon.
>
>
Well that's strange because I h
Marc ([EMAIL PROTECTED]) wrote:
: debug1: No principal in keytab matches desired name
This is your problem. You need a host/ principal in the default
keytab (probably /etc/krb5.keytab) of the server.
Cheers,
Simon.
Kerberos mailing list
ured it out! Weee :)
This is the way I did it, could this be added to some howto?
- s n i p -
1. Create database and stash file
a. kdb5_util create -s
=> Use whatever password, it's to be removed/changed.
2. Load the database dump
a. kdb5_util load krb5-20020522
=
Hello,
I have installed OpenSSH 3.1p1 with the patches applied from swx.co.uk
but it still somehow doesn't work, here is the output of a -d on the server:
bash-2.03# ./sshd -d -p 999
debug1: sshd version OpenSSH_3.1p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done:
Someone with the apparently bogus e-mail address Marc <[EMAIL PROTECTED]>
writes:
> > making all in include/kerberosIV...
> > cd . && autoheader --localdir=../.
> > sh: autoheader: not found
>
> It looks like you need GNU autoconf...
autoconf is typically something a developer would run, after
26 matches
Mail list logo