Requires HW Auth
I have searched the Kerberos 5 code and searched the Web for answers on how to setup our Kerberos 5 environment to utilize hardware authentication, but I have had no luck. For instance, we have SecurID cards. It is our understanding that Kerberos 5 can be setup and configured so
Problem to have mod_auth_kerb to work
Hi, I have a linux (Fedore core 4) web server running Apache (2.0) with mod_auth_kerb and Tomcat. I want to implement a SSO for my web application. I have setup my system according to some documentation I found on the web: http://www.grolmsnet.de/kerbtut/ So I have my account created on the KDC
Authentication
2006-01-12
Thread
�ffffffffffcd�ffffffffffdf�ffffffffffea�ffffffffff ef�fffffffffff2 �ffffffffffca�ffffffffffe1�fffff fffffeb�fffffffffff0
Dear Kerberos team, I want your answer of the following question very soon: Can you tell me the steps for the authentication of a client to a proxy server using the protocol of Kerberos? I can't find this answer anywhere else. Please, answer me, by [EMAIL PROTECTED] Thank you.
d
Colleagues, I am running heimdal-0.6.3 on a FreeBSD 4.9-RELEASE system. Kerberized FTP logins from other systems fail with the following error: ftpd[51877]: --- 220 admin.sibptus.tomsk.ru FTP server (Version 6.00+Heimdal 0.6.3) ready.^M - ftpd[51877]: command: AUTH GSSAPI ftpd[51877]: ---
Re: Problem to have mod_auth_kerb to work
mod_auth_kerb can do either GSSAPI and/or Kerberos through Basic (you should protect it with SSL) Markus Victor Sudakov [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Smellyfrog wrote: I have a linux (Fedore core 4) web server running Apache (2.0) with mod_auth_kerb and Tomcat.
Re: allowing SSO for other hosts
Fredrik Tolf wrote: On Mon, 2006-01-09 at 09:28 -0600, Douglas E. Engert wrote: Rodrick Brown wrote: ktadd user/foo1.bar.com Not heeded, users are not in keytabs. In my experience, that's not just unneeded, but even detrimental. When I did that on my MIT KDC (in order to be able to
Re: Kerberos Confusion / Design Questions
Rodrick Brown wrote: I'm planning on deploying Sun-Kerberos with LDAP I have a few design questions It seems SSO between all hosts will only work if Ievery server is added to each servers keytab? Right now my KDC can log into every Wrong. The only keys that should be in a keytab are
Re: Importing data?
On Thursday, January 12, 2006 01:42:54 PM +0100 Bjorn Tore Sund [EMAIL PROTECTED] wrote: University of Bergen is setting up a unix/linux Kerberos realm to handle logons on our unix/linux clients and servers (about 1500). Our problem is that all 30.000 users needs principals on the KDC, and
Re: Importing data?
On Thursday, January 12, 2006 01:42:54 PM +0100 Bjorn Tore Sund [EMAIL PROTECTED] wrote: University of Bergen is setting up a unix/linux Kerberos realm to handle logons on our unix/linux clients and servers (about 1500). Our problem is that all 30.000 users needs principals on the
Re: Importing data?
JH == Jeffrey Hutzelman [EMAIL PROTECTED] writes: JH Well, the problem is that entries in NIS or in UNIX password files JH don't contain the password; they contain a one-way hash of the JH password. Without some fairly time-expensive cryptographic JH attacks, you can't recover the actual
Re: Authentication
As fas as I am aware there is no such protocol like Negotiate for proxu authentication defined. Markus ÿffcdÿffdfÿffeaÿffefÿfff2 ÿffcaÿffe1ÿffebÿfff0 [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Dear
Re: Problem to have mod_auth_kerb to work
On Thursday 12 January 2006 17:06, Smellyfrog wrote: My problem: IE (And Firecfox, but if could at least get IE to work that would be a start) keeps poping the logon window. Please 1. send the relevant part from Apache errorlog 2. Do a HEAD request to the location and send the HTTP-Headers
Re: Problem to have mod_auth_kerb to work
Smellyfrog wrote: My problem: IE (And Firecfox, but if could at least get IE to work that would be a start) keeps poping the logon window. For IE, you need the server in the LocalIntranet zone. If it is displayed as Internet, double-click that icon, and add the server explicitly. This is