Ken Raeburn wrote:
If you can identify any configuration tests which are assuming the
host and target are the same, but can fairly easily be made to not
make that assumption (e.g., transforming a test from runs without
crashing if property X is true to won't compile unless property X is
true),
Does your platform have a /var/tmp directory? IT sounds like your
platform managed to move where the replay cache lives between these
two versions.
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
Sam Hartman wrote:
Does your platform have a /var/tmp directory? IT sounds like your
platform managed to move where the replay cache lives between these
two versions.
Bingo.
Thank you so much...
--
°v° Sulamita Garcia Cyclades
Hi there,
our client/server application uses either SSPI (Windows) or GSS-API
(UNIX) in order to establish a secure context.
In order to make it work properly, I had to set specific encryption
types in the krb5.conf file of the UNIX server:
[libdefaults]
default_tkt_enctypes =
There is no need to nor should you set the tkt and tgs enctypes.
MIT Kerberos 1.3 and higher support all of the enctypes used by
the Windows Kerberos SSPI.
If your service is running on Unix, then you must make sure that
you create a keytab containing entries for each of the keys that
Windows can
Has anyone implemented Kerberos id lockouts after X invalid TGS/TGT
attempts? (obviously PREAUTH has to be enabled). I see reference on the
list to folks parsing the logs to do this function. I also found several
references to using the built-in untested MIT code to update the db on
fails. The MIT
Hi All:
An encryption related question:
When we talk about des3-cbc-sha1 support - The way I understand it means support for
des3-cbc encryption with CKSUMTYPE_HMAC_SHA1_DES3. I hope my understanding is
corrrect in terms of this.
Now, for des3-cbc-md5 encryption - it means we again need
Andreas wrote:
On Mon, Sep 13, 2004 at 03:10:55PM -0400, rachel elizabeth dillon wrote:
It is possible that your question is answered by this question in the
Kerberos FAQ:
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#kerbwww
There has also been some work done on integrating
Hi All:
While performing des3-cbc decryption, Kerberos gives the following error
KRB5DES_BAD_KEYPAR, specifiying bas parity error. Could anyone please shed some
ligh on why this error could be happening? All the other chekcs have passed. My
keylength is ok. Could it be because of the key
Ish == Ahluwalia, Ish [EMAIL PROTECTED] writes:
Ish When we talk about des3-cbc-sha1 support - The way I understand
Ish it means support for des3-cbc encryption with
Ish CKSUMTYPE_HMAC_SHA1_DES3. I hope my understanding is corrrect in
Ish terms of this.
I believe this is correct, though
Ahluwalia, == Ahluwalia, Ish [EMAIL PROTECTED] writes:
Ahluwalia, Essentially, I'm asking if if the process is same
Ahluwalia, between the two ciphersuites, just that HASH
Ahluwalia, algorithms are different?
No. Completely different process. I don't think des3-cbc-md5
supports
11 matches
Mail list logo