Kerberos referrals have been implemented in Heimdal and MIT (with a
patch from UMich) and, of course, Windows.
My understanding is that Kerberos referrals are used to permit
cross-realm authentication against remote realms that are not explicitly
configured in the client's configuration.
Of
Josh Howlett wrote:
Kerberos referrals have been implemented in Heimdal and MIT (with a
patch from UMich) and, of course, Windows.
My understanding is that Kerberos referrals are used to permit
cross-realm authentication against remote realms that are not explicitly
configured in the
We started with a patch that assumed all referrals would go to one place.
We had a need to send referrals to either a test Windows forest or a
production forest. That is where the [domain_referral] stuff came
from. Then we found that some requests were coming in without
fully-qualified names,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 9 Nov 2005 at 15:36 (-0500), Kevin Coffman wrote:
Our patches are here: http://www.citi.umich.edu/u/kwc/krb5stuff/referrals.html
The page will be updated soon with a patch for 1.4.2, but the 1.3.4
patch applied rather cleanly last night
On 11/9/05, Mike Friedman [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 9 Nov 2005 at 15:36 (-0500), Kevin Coffman wrote:
Our patches are here:
http://www.citi.umich.edu/u/kwc/krb5stuff/referrals.html
The page will be updated soon with a patch for
On 11/9/05, Josh Howlett [EMAIL PROTECTED] wrote:
Kevin Coffman wrote:
We started with a patch that assumed all referrals would go to one place.
We had a need to send referrals to either a test Windows forest or a
production forest. That is where the [domain_referral] stuff came
from.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 9 Nov 2005 at 16:20 (-0500), Kevin Coffman wrote:
I remembered that one-line change after I sent my previous message. I
made the same change (except from MAX_DNS_NAMELEN+1 to MAXDNAME+1).
Kevin,
I believe I looked at the definition of
Josh Howlett wrote:
Douglas E. Engert wrote:
First of all see:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-06.txt
I've already seen that. FWIW, see also
http://www.cs.washington.edu/homes/mikesw/papers/xrealm.pdf, which I
found a bit more digestable.
Of
Christopher,
I had the exact same problem. I was given 2 patches for KRB
1.4.1 and it fixed the problem. I applied the patches to my 1.4.2
source and the problem is resolved there too. Here are the patches:
DNSGLUE.C Patch:
*** ./src/lib/krb5/os/dnsglue.c.origFri Jan 14 17:10:53
hi, I have dealing the problem for long time and no response in bea forum.
I feel very exhausted when checking mit's kerberos mailist and sun
security forum.
The problem is KDC has no support for encryption type (14) when i
doing the SSO between MS domain and Weblogic.
I had set Account to use
Hello ,
* On 13:24, Wed 09 Nov 05, Douglas E. Engert wrote:
Josh Howlett wrote:
Kerberos referrals have been implemented in Heimdal and MIT (with a
patch from UMich) and, of course, Windows.
My understanding is that Kerberos referrals are used to permit
cross-realm
On Nov 9, 2005, at 21:19, Saber Zrelli wrote:
I read this draft and I am trying to understand how referrals work.
In section 8. Cross realm routingi, It is said that for server
referrals, the KDC takes in charge the optimization of the referral
path because it has more information about
Douglas E. Engert wrote:
First of all see:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-06.txt
I've already seen that. FWIW, see also
http://www.cs.washington.edu/homes/mikesw/papers/xrealm.pdf, which I
found a bit more digestable.
Of particular interest to me
Kevin Coffman wrote:
We started with a patch that assumed all referrals would go to one place.
We had a need to send referrals to either a test Windows forest or a
production forest. That is where the [domain_referral] stuff came
from. Then we found that some requests were coming in without
Including the following entry in the libdefaults section of krb5.conf
dns_lookup_kdc = false
will probably work.
and if you don't want dns for the realm either, then add the following
entry as well:
dns_lookup_realm = false
See /krb5/man/man5/krb5.conf.5 for details.
david.turing
Kevin Coffman wrote:
On 11/9/05, Josh Howlett [EMAIL PROTECTED] wrote:
Kevin Coffman wrote:
We started with a patch that assumed all referrals would go to one place.
We had a need to send referrals to either a test Windows forest or a
production forest. That is where the [domain_referral]
16 matches
Mail list logo