Re: WebISO: the killer kerberos app?

2004-03-12 Thread Christopher Kranz
Russ Allbery <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>... [snip] > > The application server then receives and decodes that authenticator, > validates it, and then creates a cookie containing a more persistent > authenticator just for that service. That cookie is, however, now

Re: Is Kerberos a good solution for web-single signon

2004-03-12 Thread Christopher Kranz
[EMAIL PROTECTED] (paul b) wrote in message news:<[EMAIL PROTECTED]>... > Hello, > I am currently developing a "web single signon"-system and I am > thinking about using Kerberos for this purpose > [snip] > > Perhaps someone can tell me if Kerberos is really a good solution for > web-single sign

Re: Docs on string-to-key routines?

2004-03-12 Thread Henry B. Hotz
At 12:40 PM -0500 3/12/04, Jeffrey Hutzelman wrote: Note that it sounds like the OpenAFS code you were looking at was actually src/des/strng_to_key.c, which implements the DES string-to-key function, not the AFS one. The AFS string-to-key code is in src/kauth/client.c. Correct. I looked for fi

RE: Password synching

2004-03-12 Thread Henry B. Hotz
At 9:40 AM -0600 3/12/04, Digant Kasundra wrote: > >Is anyone aware of any product that can sync passwords between an MIT >Kerberos KDC and MS Active Directory? Alf Wachsmann at SLAC is doing this with Heimdal. Personally I'd rather only have the passwords (keys actually) stored in one of th

Re: Docs on string-to-key routines?

2004-03-12 Thread Jeffrey Hutzelman
On Friday, March 12, 2004 00:41:06 -0800 "Henry B. Hotz" <[EMAIL PROTECTED]> wrote: At 8:54 PM -0500 3/11/04, Jeffrey Hutzelman wrote: On Thursday, March 11, 2004 16:38:46 -0800 "Henry B. Hotz" <[EMAIL PROTECTED]> wrote: Where is the "real" description of the string-to-key functions, V4, AFS, a

Re: Cross Realm Authentication: "Decrypt integrity check failed"

2004-03-12 Thread Sam Hartman
You cannot use kdb5_util load/dump to move principals between realms with different master keys. That might be your problem. I'd recommend deleting the two principals for the cross realm keys and recreating them with known passwords on both systems.

RE: Password synching

2004-03-12 Thread Digant Kasundra
> >Is anyone aware of any product that can sync passwords > between an MIT > >Kerberos KDC and MS Active Directory? > > Alf Wachsmann at SLAC is doing this with Heimdal. > > Personally I'd rather only have the passwords (keys actually) stored > in one of the two, and I'd rather it wasn't the c

Re: kpasswd for DCE KDC

2004-03-12 Thread Douglas E. Engert
Saho Masuda wrote: > > Hello, > > I've configured my kerberos which is using DCE (IBM DCE V3.2) security Server > as a KDC on AIX machine. > I could get TGT by kinit command. But I couldn't use kpasswd well. > > monaco # ./kpasswd saho > ./kpasswd: Server not found in Kerberos database getting

kpasswd for DCE KDC

2004-03-12 Thread Saho Masuda
Hello, I've configured my kerberos which is using DCE (IBM DCE V3.2) security Server as a KDC on AIX machine. I could get TGT by kinit command. But I couldn't use kpasswd well. monaco # ./kpasswd saho ./kpasswd: Server not found in Kerberos database getting initial ticket My question is: Can

Re: Docs on string-to-key routines?

2004-03-12 Thread Henry B. Hotz
At 8:54 PM -0500 3/11/04, Jeffrey Hutzelman wrote: On Thursday, March 11, 2004 16:38:46 -0800 "Henry B. Hotz" <[EMAIL PROTECTED]> wrote: Where is the "real" description of the string-to-key functions, V4, AFS, and V5? AFS supports only the single-DES enctype. The AFS string-to-key function is n

kerberized ssh oddities

2004-03-12 Thread Ben McClelland
Hello, new to the list.. thought I would run this by some of you. When I ssh into a Linux machine with a kerberized ssh, everything seems to work fine, ticket passing and all. The only thing is that when I run klist I get something like this: Credentials cache /tmp/krb5cc_x not found but I