Re: Why Kerberos named

2004-07-02 Thread hikari
Carl Farrington wrote: > The name Kerberos is used because it is the name of the three-headed watch > dog in Greek mythology. Most people know of this dog as being called > Cerberus, but this is actually the Roman (Latin) translation of the correct > and original Greek name, Kerberos.

kadmin.local: Cannot find/read stored master key

2004-07-02 Thread Marcel Karras
Hello, I've got problems setting up Krb5 on my Crux Linux host. I did all necessary things and always get stuck at the point trying to create the keytab file with kadmin.local. The program says: Authenticating as principal root/[EMAIL PROTECTED] with password. kadmin.local: Cannot find/read sto

Kerberos : loading libgssapi_krb5.a ... SAP

2004-07-02 Thread Arezki . Tabellout
Hi ! I get a problem with the gss-api libgssapi_krb5.a. When we put the libgssapi_krb5.a in a SAP kernel directory ( .../exe/run) and activating the SNC parameters in the instance profile, the sap systems starts but it does not allow any connection to the system. I have noticed that the

Re: Why Kerberos named

2004-07-02 Thread Carl Farrington
"M.safa" wrote: > Please tell me : > -Why this protocol named Kerberos? > - And how Work? As David has said, you should read the Kerberos FAQ, or most definitely you should read "Designing an Authentication System: a Dialogue in Four Scenes". This is excellent reading. I only wish I could find m

New IP or rename a kerberos server

2004-07-02 Thread Dale Pontius
Is it easy to change the IP or rename (move) a kerberos server? Obviously config files need adjustment, but the realm remains the same. But has the hostname/IP the server was installed and set up with somehow been salted into the keytab? Or is it time to tear down, reinstall, and set up, again? T

Win2003 KDC -- Apache/mod_spnego on Solaris: "Decrypt integrity check failed"

2004-07-02 Thread BERG Dietmar
Hi all, I got stuck trying to get Apache 1.3.31 with mod_spnego to work with a Windows 2003 Server-based AD. The SPNEGO token received from the client (IE 6.0SP1) is passed to krb5, but it can't be properly decoded by it. I've hacked the krb5 libs to produce some more debug output, but I simply

moving from NT 4.0 authentication to kerberos

2004-07-02 Thread Anthony
We have an environment that utilizes an NT 4.0 domain and a linux mail/web server. I am at the point of looking at replacing my PDC. Rather than move to a Windows 2000 Active Directory environment, I am courting the idea of moving to another Linux server that would handle kerberos authentication and

RE: Cross-Realm authentication

2004-07-02 Thread Mel Riser
I agree Ken I have a cross realm setup at my lab at my house and at my previous employer we had it working as well. It's pretty straightforward, but you do have to know your OS and how to configure AD and Kerberos correctly as well as the Unix side. However the How To Guides by Microsoft ar

Re: realm must match domain?

2004-07-02 Thread Sam Hartman
> "Rouiller" == Rouiller Claude <[EMAIL PROTECTED]> writes: Rouiller> I thought it had to, when the KDC is a MS Windows domain Rouiller> controller. I don't think this is quite true but I do think it is true that there will be significant complexity if realm doesn't match domain for

Re: What happens to TGT and tickets when user locks the windows machine

2004-07-02 Thread Jeffrey Altman
Nothing should happen to the tickets. When the user logs back in, Windows should re-authenticate the user to the KDC and therefore will obtain a new TGT and a host ticket for the local machine. Lara Adianto wrote: > Hello, > > I have a win2k machine which is a member of MIT Realm. > A user who

Re: Cross-Realm authentication

2004-07-02 Thread Tillman Hodgson
On Fri, Jul 02, 2004 at 10:47:56AM -0400, Ken Hornstein wrote: > >Expert: "You can't put your SSO in production, because Kerberos cross realm > >authentication doesn't work!" > >Me: "Is it an issue in Microsoft Kerberos?" > >Expert: "No. The Kerberos protocol has been so poorly designed, that > >c

Re: Cross-Realm authentication

2004-07-02 Thread Ken Hornstein
>Expert: "You can't put your SSO in production, because Kerberos cross realm >authentication doesn't work!" >Me: "Is it an issue in Microsoft Kerberos?" >Expert: "No. The Kerberos protocol has been so poorly designed, that >cross-realm authentication just doesn't work at all. Maybe Microsoft has >

Cross-Realm authentication

2004-07-02 Thread Rouiller Claude
Hi I've just implemented a prototype of SSO, using Java and Microsoft Kerberos. And it works nicely (thanks to those from this list who helped me) !! Then, I've presented my work to our security experts (who are not Kerberos fans). When I said that I had only tested the prototype within one REALM,

Re: openldap principal

2004-07-02 Thread Gerald (Jerry) Carter
On Thu, 1 Jul 2004, Frederic Medery wrote: > My question is : Do I have to create all the users principal or when I > create a ldap user, do i have to create it inside kerberos of the ldap > admin principal with create it for me ? You will need to be