> We've had experience supporting multi realms on a single server. Here
> is what you want to do:
>
> 1.) Start one instance of kadmind for each realm that you want to
> administrate. Use the -r switch on the commandline to specify the
> realm that will be managed, ie:
>
> kadmind -r SO
On Thu, 4 Sep 2003 15:49:44 -0500
[EMAIL PROTECTED] (Dr. Greg Wettstein) wrote:
[...]
> A federated identity structure means that organizations are going to
> take responsibility for managing their own user identities. These
> three fundamental identities thus exist within the context of an
> ent
Sam,
Path of least resistance: I had very little time, was already familiar with
OpenSSL and was not able to easily figure out how the MIT ASN.1 APIs worked.
Time permitting, I will definitely consider moving to MIT Kerberos.
Frank
From: Sam Hartman <[EMAIL PROTECTED]>
To: "Frank Balluffi" <[
On Sep 3, 7:42am, Tobias Heide wrote:
} Subject: Win2000 PAC-Credentials Implementation
> Hi there!
Good morning, hope that your day is going well.
> I wanted to have Windows 2000 Clients authenticate against a MIT Kerberos
> 1.3.1 KDC. But during implementation I came across some questions:
>
It's not a bug; it is a feature. Whatever program you are logging in
with is making sure that each session has its own credentials cache.
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
If you hammer on a page with Internet Explorer it will send what MIT
Kerberos considers replays of the gss-init-sec-context tokens. So in order
to get around this you either need to always use SSL and disable the replay
cache on the server, (Which unless the api has changed in recent versions of
M
Hi ,
I need help on the following point when I start the kdc I got error message
No database support! (hdb_create) in the kdc.log file.
Could you please help me think something wrong in my krb5.conf .
Kind Regards
Said Bouzenzana - Customer Service Representative
IBM Global Services
IGA EMEA Cust
Hi,
Why sometimes we got credential file not
/tmp/krb5cc_
but
/tmp/krb5cc__x
(x are just random characters)
How to correct this? Thanks.
Grace
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo
Hi,
Garrett Wollman wrote:
starting two kadminds, one for each realm, specifying an alternate
port, but that didn't work either as there is no way to specify a
different changepw port on the command line.
We have this working by starting one kadmind instance for each realm.
kdchost# kadmind -r RE
> "Nebergall," == Nebergall, Christopher <[EMAIL PROTECTED]> writes:
Nebergall,> If you hammer on a page with Internet Explorer it will
Nebergall,> send what MIT Kerberos considers replays of the
Nebergall,> gss-init-sec-context tokens. So in order to get
Nebergall,> around th
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tobias Heide
> Sent: Tuesday, September 02, 2003 10:43 PM
> To: [EMAIL PROTECTED]
> Subject: Win2000 PAC-Credentials Implementation
>
> Hi there!
>
> I wanted to have Windows 2000 Clients authentic
Why are your SPNEGO extensions part of OpenSSL? That seems like a
rather unfortunate place for them.
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
On Sep 3, 8:52pm, Garrett Wollman wrote:
} Subject: Does kadmind work on a multi-realm KDC?
Hi Garrett, hope the day is going well for you.
> We're migrating from an old realm name to a new one. I staged the
> setup of the new realm on the backup KDC, and kadmind worked fine
> there, but once I
13 matches
Mail list logo