Douglas,
As per the Kerberos clarifications (draft-ietf-krb-wg-kerberos-clarifications-07.txt), if
pre-authentication is required, but was not present in the AS-REQ, an error message with
the code KDC_ERR_PREAUTH_REQUIRED is returned, and the e-data field of the KRB_ERROR
message will contain
As for the question on case-sensitivity, Kerberos principal names are
case-sensitive. On
MIT/Solaris/Linux KDCs one can create two separate account alice and
ALICE, but on Windows
there can be only one account alice. Windows KDC accounts are all
lower-case, changing the
Windows accounts are
1) Make sure you are using the right kinit. Run type kinit if bash is your
shell and check the path.
2) Run kinit under a debugger and see where it segfaults. If you use
a kinit out of the build tree rather than something you get after
make install, it will have symbols.
Hi, Sam,
First, kinit is the only binary of that name on the system. This machine
was kerberos free before I started working on it. The binary is indeed
in /usr/local/bin.
I ran kinit (from my build directory) under gdb, with the following result:
Program received signal SIGSEGV, Segmentation
David A Flores wrote:
Help anyone,
We are using a Windows domain controller as a KDC and we are trying to
authenticate a Solaris 9.0 OS box using Kerberos. The following is the
command we use to create the keytab file:
ktpass -princ host/[EMAIL PROTECTED] -mapuser dean19 -pass * -out
On Tue, Dec 07, 2004 at 05:57:47PM -0500, Chaskiel M Grundman wrote:
you ought to be able to tell if the client is sending a second request by
using tcpdump or ethereal to capture packets from the network while the
client is attempting to authenticate. (tcpdump does not have much of a krb5
At my new job they are looking to implement a domain
controller into the environment. In the future they
were looking to add kerberos, to provide additional
security and provide a single login on windows and
unix. In addition they currently have an AFS system(no
kerberos) in place. They have three
Hi
I have few question about kerberos
Please guide me or tell me anylink regarding them
My first question is that if 2 users are in two different domains and one need
to have a chain of KDCs to get a ticket for other. Will it be required to
include the complete chain of tickets or only the
Seema Malkani wrote:
Douglas,
As per the Kerberos clarifications
(draft-ietf-krb-wg-kerberos-clarifications-07.txt), if
pre-authentication is required, but was not present in the AS-REQ, an
error message with the code KDC_ERR_PREAUTH_REQUIRED is returned, and
the e-data field of the KRB_ERROR
Tom Yu wrote:
It would help us to diagnose your problem if you were to include the
exact command line which you provided to the configure script, as well
as details of your OS type and version.
I used :
./configure --enable-dns-for-realm --enable-shared --enable-athena
--enable-ipv6
A colleague went and asked Cisco about the Kerberos preauthentication
issue on VPN 3000 series hardware, and apparently they do not support
preauthentication and do not intend to do so. I thought this might be
useful to other people on this list, so I sent it along.
Thanks again for all the
In article [EMAIL PROTECTED],
Rachel Elizabeth Dillon [EMAIL PROTECTED] wrote:
A colleague went and asked Cisco about the Kerberos preauthentication
issue on VPN 3000 series hardware, and apparently they do not support
preauthentication and do not intend to do so. I thought this might be
useful
On Dec 8, 2004, at 17:49, Rachel Elizabeth Dillon wrote:
A colleague went and asked Cisco about the Kerberos preauthentication
issue on VPN 3000 series hardware, and apparently they do not support
preauthentication and do not intend to do so. I thought this might be
useful to other people on this
13 matches
Mail list logo