Hi,
I am using Kerberos 5-1.4.2 on Solaris 9 and Window 2000 as the KDC.
I am trying to login automatically login with from the unix host to
the same unix host without having to type in a password, i.e. I
should be able to use the host principal.
However, I get "Not enough room for authenticatio
FM wrote:
I'm using pam_krb5 include with RedHat enterprise 4.
I look inside the README in the source and there is no refresh_creds
option.
Which pam_krb5 are you using ?
Depends on system.
On Solaris 10, xsecreensaver calls the SOlaris PAM and refresh works
without any extra parameters
I'm using pam_krb5 include with RedHat enterprise 4.
I look inside the README in the source and there is no refresh_creds option.
Which pam_krb5 are you using ?
Douglas E. Engert wrote:
FM wrote:
Thanks for your reply,
The prob is that xscreensaver (with pam_krb5) authenticate me :
Sep 20
FM wrote:
Thanks for your reply,
The prob is that xscreensaver (with pam_krb5) authenticate me :
Sep 20 15:26:11 SRV krb5kdc[17590](info): AS_REQ (2 etypes {16 1})
192.168.4.171(88): ISSUE: authtime 1127244371, etypes {rep=16 tkt=16
ses=16}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]
alright the password issue was solved by kadmin.local
but the above ones remain the same
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Thanks for your reply,
The prob is that xscreensaver (with pam_krb5) authenticate me :
Sep 20 15:26:11 SRV krb5kdc[17590](info): AS_REQ (2 etypes {16 1})
192.168.4.171(88): ISSUE: authtime 1127244371, etypes {rep=16 tkt=16
ses=16}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]
but it does no
FM wrote:
Hello,
We are are using MIT krb5 + LDAP on server and pam_krb5
(pam_krb5-2.1.2-1) on clients
I'd like to use nfsv4 sec=krb5 for my home users folers.
with sec=krb5, the nfs server will check the TGT of the user, the prob is :
when you unlock you computer, yout TGT is not creat of
> "Christoph" == Christoph Weizen <[EMAIL PROTECTED]> writes:
Christoph> $ ./gsstest -l /usr/local/lib/libgssapi_krb5.so -d 4 -p out.txt
Christoph> Sending verbose output to file "out.txt"
Christoph> Segmentation fault (core dumped)
Christoph> $ gdb ./gsstest core
Christoph> [...]
Christoph>
packet capture error details :
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
sname in all KRB-ERROR AND TGS-REQ is : krbtgt
I dont see other service principal other than
krbtgt/[EMAIL PROTECTED]
-
Kerberos mailing list Kerberos@mit.edu
https://mailma
Great, it looks like the netdom trust command is the missing piece.
Buck Huppmann wrote:
On Fri, Sep 16, 2005 at 09:58:13AM -0500, Douglas E. Engert wrote:
But there is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-06.txt
which allows a client to ask the user's
Hello,
We are are using MIT krb5 + LDAP on server and pam_krb5
(pam_krb5-2.1.2-1) on clients
I'd like to use nfsv4 sec=krb5 for my home users folers.
with sec=krb5, the nfs server will check the TGT of the user, the prob is :
when you unlock you computer, yout TGT is not creat of renew.
So user
You have to do add ajay/[EMAIL PROTECTED] to .k5login of user ajay
on engr-167.company.com, then a kinit as ajay/[EMAIL PROTECTED] and
a telnet -F -l ajay engr-167.company.com 545
Markus
"vj" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> [EMAIL PROTECTED] ajay]$ telnet -F -l
[EMAIL PROTECTED] ajay]$ telnet -F -l ajay/[EMAIL PROTECTED]
engr-167.company.com 545
Trying 192.168.50.167...
Connected to engr-167.company.com (192.168.50.167).
Escape character is '^]'.
telnetd: Authorization failed.
Connection closed by foreign host.
[EMAIL PROTECTED] ajay]$ klist
Ticket cache:
Hi list,
I experimentize with kerberos, sncadapt and gsstest to maybe get Single
Sign-On work with a Windows Client (SAPGUI) to a Unix/Linux (SAP) Server.
So I compiled krb5-1.4.2 (./configure --enable-shared) and gsstest-1.26.
kinit and klist works. But when running gsstest I get a core dump.
On Fri, Sep 16, 2005 at 09:58:13AM -0500, Douglas E. Engert wrote:
> But there is:
>
> http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-06.txt
>
> which allows a client to ask the user's KDC for a service ticket. If the KDC
> can't do it, the KDC will refer the client to
Greetings once again, everyone.
I'm sorry to bother the whole Kerberos team with this somewhat off-topic
request, but I've been asked to pass this on to the mailing list.
The newest Solaris 10 SEAM has greatly expanded its MIT Kerberos
interoperability, and we would like to move forward with its
Hi,
here's my (random) notes and how i do windows/MIT key exchange
successfully:
with recent versions of MIT Kerberos it is not neccessary to specify any
special enc-type as it supports MD4 (which is windows default now)
i'm also not specifying the ptype flag to ktpass.
the principal you specif
17 matches
Mail list logo
