I need to update this. It turns out that making the krb5
"sufficient" for auth weakens your system. Check out
http://www.ofb.net/~jheiss/krbldap/files/pam.conf-8
for a better solution. This highlights the best interplay
between pam_unix and pam_krb5 I've seen.
Eliot
-Original Message
--- "Douglas E. Engert" <[EMAIL PROTECTED]> wrote:
>
>
> Lara Adianto wrote:
> >
> > Hi,
> >
> > I have a strange problem with cross-realm
> authentication.
> > It's a windows 2000 machine authenticating to an
> MIT KDC, then it accesses a computer in a windows
> domain. This should be possibl
Henry,
I just managed to get it working. It turns out that you
can't just uncomment the krb5 entries in the /etc/pam.conf
file. You also need to make sure that krb5 is "sufficient" for
the "auth" rule for the service, in this case "login". You may
need to play with the relationship with pam_unix.s
kdkirmse wrote:
>
> I have been having problems with getting a keytab file on a windows
> 2000 client running the MIT Kerberos utilities to interface properly
> with a windows 2003 KDC. I had the same client working correctly when
> the KDC was a windows 2000 server.
>
> The command "kinit [EMAI
Gururaj wrote:
>
> Hi Douglas,
> Sorry couldn't reply to your reply because of internet access problem.
>
> Thanks that was really a nice reference link. But in that link every
> thing is about interoperatibility(Unix and MIT Kerberos)
>
> Let me elaborate about my problem.
>
> My Domain cont
I have been having problems with getting a keytab file on a windows
2000 client running the MIT Kerberos utilities to interface properly
with a windows 2003 KDC. I had the same client working correctly when
the KDC was a windows 2000 server.
The command "kinit [EMAIL PROTECTED]" works correctly bu
Il mer, 2004-07-28 alle 08:11, mdj_kerberos ha scritto:
> hi all,
>
>I would like to know whether FQDN is a must for kerberos???
>
> thank you
>
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerb
Hello everybody,
I've been able to setup windows machine which belongs
to workgroup to authenticate to MIT KDC.
In that case, the windows machine as well as the user
are members of external realm (MIT realm)
Now, I wonder whether it's possible for a user to
login into windows machine which joins
Hi Douglas,
Sorry couldn't reply to your reply because of internet access problem.
Thanks that was really a nice reference link. But in that link every
thing is about interoperatibility(Unix and MIT Kerberos)
Let me elaborate about my problem.
My Domain controller machine is a windows server 200
Lara Adianto wrote:
>
> Hi,
>
> I have a strange problem with cross-realm authentication.
> It's a windows 2000 machine authenticating to an MIT KDC, then it accesses a
> computer in a windows domain. This should be possible theoritically with ksetup, and
> all the necessary steps described i
I think I need to provide more information about my setup:
- I used UMICH patch for cross realm auth, I can see from the log file that the
cross-realm ticket is issued by MIT Realm
- The krbtgt/[EMAIL PROTECTED] and krbtgt/[EMAIL PROTECTED] key is des-cbc-crc32
- the TGT in win client:
Cached TGT
Hi,
I have a strange problem with cross-realm authentication.
It's a windows 2000 machine authenticating to an MIT KDC, then it accesses a computer
in a windows domain. This should be possible theoritically with ksetup, and all the
necessary steps described in the step by step kerberos interope
12 matches
Mail list logo
