Re: Question: want different default_realm for service and user principles

Hello, In article <[EMAIL PROTECTED]>, Kiran Kumar M <[EMAIL PROTECTED]> wrote: > [libdefaults] > default_realm = FOO.ORG # This will ensure that we'll go to FOO.ORG to get > tickets for users > . > > [realms] > FOO.ORG = { >kdc = svr.foo.org:88 >admin_serv

Re: The token's validity period has expired

> "Markus" == Markus Moeller <[EMAIL PROTECTED]> writes: Markus> I get from time to time in my application which uses the Markus> gssapi the below error: Markus> GSSAPI error major: The token's validity period has Markus> expired GSSAPI error minor: No error Markus> What

Re: How to build the 524 library?

On Aug 12, 2004, at 06:50, Sensei wrote: I have a question about kerberos 5 version 1.3.4. I can't find a way of building the developement library libkrb524.a (or .so, I don't care). I tried with --enable-shared, --enable-whatever, but nothing. I have to use it since I need to build aklog/asetkey.

How to build the 524 library?

Hi. I have a question about kerberos 5 version 1.3.4. I can't find a way of building the developement library libkrb524.a (or .so, I don't care). I tried with --enable-shared, --enable-whatever, but nothing. I have to use it since I need to build aklog/asetkey. I can find it under debian, but

Re: Kerberized Client

Ryan M Bergmann wrote: > Are there any alternatives to Eudora for reading email? You can try the GSSAPI layer. -- Sensei Error: Keyboard not found. Press F1 to continue... Kerberos mailing li

Re: Question: want different default_realm for service and user

I don't know if I missed something here but I don't see any issue with the approach of setting "default_realm = FOO.ORG" In this case your Kerberos Config file will look like this... [libdefaults] default_realm = FOO.ORG # This will ensure that we'll go to FOO.ORG to get tickets for users .

The token's validity period has expired

I get from time to time in my application which uses the gssapi the below error: GSSAPI error major: The token's validity period has expired GSSAPI error minor: No error What does it mean and how can I avoid it ? Thanks Markus Kerberos mailing l

Re: Question: want different default_realm for service and user principles

> "Jeffrey" == Jeffrey Altman <[EMAIL PROTECTED]> writes: Jeffrey> The approach is a valid way of doing things. On the Unix Jeffrey> system you will need to use more than one configuration Jeffrey> file and specify which one to use via the KRB5_CONFIG Jeffrey> environment vari

Re: How to build the 524 library?

Use the following function from libkrb5.a instead: int KRB5_CALLCONV krb5_524_convert_creds (krb5_context context, krb5_creds *v5creds, struct credentials *v4creds); Sensei wrote: > Hi. > > I have a question about kerberos 5 version 1.3.4. I can't find a way of > building

Re: Kerberized Client

>In fact, most email clients support Kerberos 5 via GSSAPI >(very frequently using SASL), including Mulberry, Apple Mail.app, >Microsoft Outlook, pine, and mutt. > >Mail clients which I know do NOT support Kerberos 5 include: >Mozilla Mail, Eudora (I think it only support Kerberos 4), >and I'm sure

Re: Kerberized Client

On Thu, 12 Aug 2004, Bob Dowling wrote: > On Wed, 11 Aug 2004, Markus Moeller wrote: > > > Mulberry might do it. http://www.cyrusoft.com/mulberry/ > > According to http://www.cyrusoft.com/mulberry/mulbfeatures.html it only > supports Kerberos v4. It says: "Kerberos 4, CRAM-MD5, SASL Framework".

Cyrus + Kerberos

Hi, Where Can I find a "Howto" to configure Kerberos with Cuyrs-imapd-SASL?? I would like to know the steps... Help me, please!! Thx, Ruggero Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Question: want different default_realm for service and user principles

Dirk Pape wrote: Hello, I want to do the following with two kerberos realms which trust each other: first realm "FOO.ORG" holds only user principles, it is based on a Windows 2003 Server AD. second realm "BAR.FOO.ORG" hold service principles for unix services, such as "host/[EMAIL PROTECTED]"

Re: Kerberized Client

On Wed, 11 Aug 2004, Markus Moeller wrote: > Mulberry might do it. http://www.cyrusoft.com/mulberry/ According to http://www.cyrusoft.com/mulberry/mulbfeatures.html it only supports Kerberos v4. Kerberos mailing list [EMAIL PROTECTED] ht

Re: browser + apache gss/spnego

matt cocker wrote: Hi We want to be able to use a users kerberos ticket to access a web site with out the user having to relogin. We tried a while ago but ran into the replay detection problem. IS there a way around this issue now. You can try using mod_auth_kerb (modauthkerb.sf.net), which also

Re: Question: want different default_realm for service and user principles

The approach is a valid way of doing things. On the Unix system you will need to use more than one configuration file and specify which one to use via the KRB5_CONFIG environment variable. Jeffrey Altman Dirk Pape wrote: > Hello, > > I want to do the following with two kerberos realms which tr