Re: Can't get ssh over k5/afs working well

2004-08-17 Thread Sam Hartman
> "Douglas" == Douglas E Engert <[EMAIL PROTECTED]> writes: Douglas> But to get this set by the OpenSSH code required the call Douglas> to ssh_gssapi_storecreds to be moved up somewhat in the Douglas> code. Douglas> It sounds like debian has done something similar. Is D

Re: Can't get ssh over k5/afs working well

2004-08-17 Thread Douglas E. Engert
Sam, I was just looking at the OpenSSH-3.8 which is in testing, to see how I could get rid of my last mod. It was getting an AFS token. I was developing a pam_afs2.so which had a pam_sm_open_session routine that would look for the KRB5CCNAME in the pam environment so aklog could be called. But to ge

None

2004-08-17 Thread Jay Ted
I just realized the error in my command. I had -S DOMAIN instead of -S PDC. Sorry for the wasted bytes and time!

setup problems w/ winbind/krb5

2004-08-17 Thread Jay Ted
Having some trouble with the setup of winbind: This command fails:
    [EMAIL PROTECTED] local]# /usr/local/samba/bin/net rpc join -S PRIV_DOMAIN -U domain_admin
    Unable to find a suitable server
    Unable to find a suitable server
Here's the output of winbind's log, I only included wh

Re: keytab vs database

2004-08-17 Thread Sam Hartman
> "Lara" == Lara Adianto <[EMAIL PROTECTED]> writes: Lara> Hi, I have a basic question about kerberos concept. As I Lara> browsed through MIT source code to better understand how Lara> kerberos works, I noticed that in processing the tgs Lara> request, the ticket is always dec

Re: Can't get ssh over k5/afs working well

2004-08-17 Thread Sam Hartman
In debian, using the ssh-krb5 package with a pam config like:
    auth [success=ok default=1] pam_krb5.so forwardable
    auth [default=1] pam_permit.so
    auth required pam_unix.so try_first_pass
    auth [default=ignore] pam_openafs_session.so
should mostly do what you want. Note that the ssh gssa

RE: Problem changing expired Windows 2000 passwords

2004-08-17 Thread Tim Alsop
The "Windows cache" is the cache which you can view when using kerbtray.exe. I didn't try, but I guess you would also see this when using klist.exe or any other tool that looks in LSA cache. Tim. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Alt

Re: Problem changing expired Windows 2000 passwords

2004-08-17 Thread Jeffrey Altman
What is "Windows cache"? Do you mean "KLIST"? "KERBTRAY"? Or do you mean the ClientName and ClientRealm fields of KERB_TICKET structures? Tim Alsop wrote: > Hi, > > I am not sure if this is useful or not, but we recently noticed > something odd when logging in with [EMAIL PROTECTED] If y

RE: Problem changing expired Windows 2000 passwords

2004-08-17 Thread Tim Alsop
Hi, I am not sure if this is useful or not, but we recently noticed something odd when logging in with [EMAIL PROTECTED] If you login with an account name of this format and the account is set to use DES keys the client principal name shown in Windows cache is [EMAIL PROTECTED]@REALM instead of [E

Re: Problem changing expired Windows 2000 passwords

2004-08-17 Thread Jeffrey Altman
I believe this is a documented bug which Microsoft chooses not to fix. The user is required to login using [EMAIL PROTECTED] instead of just the username. Jeffrey Altman [EMAIL PROTECTED] wrote: > Hi! > > We have a Windows 2000 domain with workstations performing authentication > at

Re: Problem changing expired Windows 2000 passwords

2004-08-17 Thread Douglas E. Engert
[EMAIL PROTECTED] wrote: Hi! We have a Windows 2000 domain with workstations performing authentication at a MIT Kerberos KDC. It works fine but, if the user's password has expired, the Windows workstations display their normal "password expired" alert, but when the user tries to change this passw

Problem changing expired Windows 2000 passwords

2004-08-17 Thread rodolfo
Hi! We have a Windows 2000 domain with workstations performing authentication at a MIT Kerberos KDC. It works fine but, if the user's password has expired, the Windows workstations display their normal "password expired" alert, but when the user tries to change this password, Windows shows the "d

Re: keytab vs database

2004-08-17 Thread Luke Howard
>I have a basic question about kerberos concept. >As I browsed through MIT source code to better >understand how kerberos works, I noticed that in >processing the tgs request, the ticket is always >decrypted using server's key retrieved from keytab. If >the server is a TGS service (krbtgt) or >kad

keytab vs database

2004-08-17 Thread Lara Adianto
Hi, I have a basic question about kerberos concept. As I browsed through MIT source code to better understand how kerberos works, I noticed that in processing the tgs request, the ticket is always decrypted using server's key retrieved from keytab. If the server is a TGS service (krbtgt) or kadmin