Re: Assertion failures

2005-07-07 Thread Ken Raeburn
On Jul 8, 2005, at 00:56, Phil Dibowitz wrote: On Thu, Jul 07, 2005 at 10:37:52PM -0400, Ken Raeburn wrote: Without a bit more data, it's hard to tell. Do these applications link against the pthread library? Did you give any interesting options when configuring the Kerberos code? What did c

Re: Assertion failures

2005-07-07 Thread Phil Dibowitz
On Thu, Jul 07, 2005 at 10:37:52PM -0400, Ken Raeburn wrote: > Without a bit more data, it's hard to tell. Do these applications link > against the pthread library? Did you give any interesting options when > configuring the Kerberos code? What did configure report when it went > looking for

Re: Assertion failures

2005-07-07 Thread Ken Raeburn
On Jul 7, 2005, at 17:46, Phil Dibowitz wrote: Things worked well, except that on Solaris 2.6, several applications, including openssh and a homegrown app threw this: Assertion failed: i->did_run != 0, file ../../../../src/lib/krb5/../../include/k5-platform.h, line 232 And for reference, that

Re: Updating encryption types

2005-07-07 Thread Jeffrey Hutzelman
On Thursday, July 07, 2005 06:18:16 PM -0700 Phil Dibowitz <[EMAIL PROTECTED]> wrote: On Thu, Jul 07, 2005 at 09:03:36PM -0400, Jeffrey Hutzelman wrote: On Thursday, July 07, 2005 05:46:18 PM -0700 Phil Dibowitz <[EMAIL PROTECTED]> wrote: > and the right tgt (based on Kerberos by Brian

Re: Updating encryption types

2005-07-07 Thread Phil Dibowitz
On Thu, Jul 07, 2005 at 09:03:36PM -0400, Jeffrey Hutzelman wrote: > > > On Thursday, July 07, 2005 05:46:18 PM -0700 Phil Dibowitz <[EMAIL > PROTECTED]> > wrote: > > >and the right tgt (based on Kerberos by Brian Tung), doesn't seem to be > >doing anything: > > > >[EMAIL PROTECTED] > > This

Re: Updating encryption types

2005-07-07 Thread Jeffrey Hutzelman
On Thursday, July 07, 2005 05:46:18 PM -0700 Phil Dibowitz <[EMAIL PROTECTED]> wrote: and the right tgt (based on Kerberos by Brian Tung), doesn't seem to be doing anything: [EMAIL PROTECTED] This principal is meaningless, and is used for nothing. and the mystery ticket is doing everyth

Re: Updating encryption types

2005-07-07 Thread Russ Allbery
Phil Dibowitz <[EMAIL PROTECTED]> writes: > OK, so going back, I find that > krbtgt/[EMAIL PROTECTED] is for crossrealm trust. > [EMAIL PROTECTED] was our original tgt. > However, now all tickets seem to be coming from > krbtgt/[EMAIL PROTECTED] Now the person who setup > krbtgt/[EMAIL PROTECTED

Re: Updating encryption types

2005-07-07 Thread Phil Dibowitz
On Thu, Jul 07, 2005 at 05:30:07PM -0700, Phil Dibowitz wrote: > On Thu, Jul 07, 2005 at 02:22:59PM -0700, Phil Dibowitz wrote: > > On Wed, Jul 06, 2005 at 07:21:17PM -0400, Kevin Coffman wrote: > > > My guess is that your krbtgt/[EMAIL PROTECTED] principal still > > > only has a des key. 'cpw -ra

Re: Updating encryption types

2005-07-07 Thread Phil Dibowitz
On Thu, Jul 07, 2005 at 02:22:59PM -0700, Phil Dibowitz wrote: > On Wed, Jul 06, 2005 at 07:21:17PM -0400, Kevin Coffman wrote: > > My guess is that your krbtgt/[EMAIL PROTECTED] principal still > > only has a des key. 'cpw -randkey -keepold' on that principal to > > generate other keys. > > Nice

Re: Updating encryption types

2005-07-07 Thread Phil Dibowitz
On Thu, Jul 07, 2005 at 07:52:52PM -0400, Tom Yu wrote: > > "phil" == Phil Dibowitz <[EMAIL PROTECTED]> writes: > > phil> 2. As expected doing the cpw on the krbtgt/ISD.USC.EDU ticket provides > us > phil> with: > > phil> Key: vno 2, ArcFour with HMAC/md5, no salt > phil> Key: vno 2, Triple

Re: Updating encryption types

2005-07-07 Thread Tom Yu
> "phil" == Phil Dibowitz <[EMAIL PROTECTED]> writes: phil> 2. As expected doing the cpw on the krbtgt/ISD.USC.EDU ticket provides us phil> with: phil> Key: vno 2, ArcFour with HMAC/md5, no salt phil> Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt phil> Key: vno 2, DES cbc mode with

Assertion failures

2005-07-07 Thread Phil Dibowitz
Folks, I recently tested a change from 1.3.1 to 1.4.1 on our Solaris 2.6, 8, and 9 machines. Things worked well, except that on Solaris 2.6, several applications, including openssh and a homegrown app threw this: Assertion failed: i->did_run != 0, file ../../../../src/lib/krb5/../../include/k5

Re: Updating encryption types

2005-07-07 Thread Phil Dibowitz
On Wed, Jul 06, 2005 at 07:21:17PM -0400, Kevin Coffman wrote: > My guess is that your krbtgt/[EMAIL PROTECTED] principal still > only has a des key. 'cpw -randkey -keepold' on that principal to > generate other keys. Nice. That works. I didn't realize that had to be updated. Which leaves me with

Re: AW: Validation with Kerberos 5, SAP Linux, SNC for SSO

2005-07-07 Thread Sam Hartman
> "trkbabu" == trkbabu <[EMAIL PROTECTED]> writes: trkbabu> Hi Juan, I am now configuring SSO using Kerberos, My SAP trkbabu> servers are in unix,And my domain is on MS-ADS, can you trkbabu> give me how to configure Thanks In advance Rama trkbabu> _

Re: Globus/GSI versus Kerberos

2005-07-07 Thread lynn
Ken Hornstein wrote: > When I cornered one of the Globus guys and asked him point-blank the > same question, he told me that in his opinion the decision to do PKI > was really driven politically from the top, and he thought Kerberos > made a LOT more sense. the original pk-init draft for kerberos

Session keys from Active Directory (KDC)

2005-07-07 Thread x_coder
Hi, I wish to intercept traffic from the client to a server and decrypt it. The messages are encrypted (keys are setup via kerberos KR5). To do the decryption, I would need the server's long term key (the long term key that is stored in and maintained by the kerberos key distribution center K

Re: Globus/GSI versus Kerberos

2005-07-07 Thread Douglas E. Engert
Tim Warnock wrote: I was curious if anyone has any comments (personal/political/technical) or could point me to a decent resource comparing Globus versus Kerberos. I've had to work with Globus quite a bit, and the overall trend in the existing GSI-based research grids is to move towards

Re: Globus/GSI versus Kerberos

2005-07-07 Thread Ken Hornstein
>I was curious if anyone has any comments (personal/political/technical) >or could point me to a decent resource comparing Globus versus >Kerberos. I've had to work with Globus quite a bit, and the overall >trend in the existing GSI-based research grids is to move towards >centrally managed ce

Re: Need some tips on kerberizing our ENTIRE network

2005-07-07 Thread Fred Dushin
I've been looking into kerberized web applications (and web services, in general), and I have to confess, I've come up short on satisfying solutions. I thought I'd open the floor to discussion. A big part of the problem is HTTP (big surprise -- yet another protocol that is being used for

RE: account name case + win2k3 sp1?

2005-07-07 Thread Tim Alsop
Douglas, Thank you. Changing the password for the account in domain that was not working fixed the problem, now with both domains the case of the account name entered during logon is not used to construct the client principal name ... Hurray ! Thanks again, Tim -Original Message- From:

Globus/GSI versus Kerberos

2005-07-07 Thread Tim Warnock
I was curious if anyone has any comments (personal/political/technical) or could point me to a decent resource comparing Globus versus Kerberos. I've had to work with Globus quite a bit, and the overall trend in the existing GSI-based research grids is to move towards centrally managed cert/

Kerberos 5 Loginmodule: Pre-authentication information was invalid

2005-07-07 Thread Pálfi Miklós
Hi! We are doing a project in which we need to authenticate windows users to WebLogic with SPNEGO. There is an Authentication provider in WebLogic (on linux) which handles all necessary negotiate things (with the standard GSS interface from Sun), a configured Active Directory, and a properly con