Hi,
If you are using kerberos passthru ldap configuration
to have a single password storage for your users
through saslauth... is it possible to sync both the
principal names in kerberos and usernames or userid in
ldap? How?
Thanks
__
Do You
Hi,
Am Montag, 15. Mai 2006 23:26 schrieb Jason Shaev:
Hello,
I am having a problem installing kerberos in Fedora Core 5.
After running a straight ./configure succesfully (I attach the
config.log and config.cache)...I receive this error during make:
threads.c: In function
On 2006-05-08 13:22:40 -0400, Scott Lowe [EMAIL PROTECTED] said:
On 2006-05-06 00:14:58 -0400, Richard E. Silverman [EMAIL PROTECTED] said:
SL == Scott Lowe [EMAIL PROTECTED] writes:
SL I was just a bit caught off-guard by the fact that the
SL authentication (again, via pam_krb5)
Has anyone gotten Solaris 9's sshd and pam_krb5.so
to work?
I can't seem to. I am told:
authentication failed: Bad encryption type
May 16 14:19:33 noodle.foo.com sshd[676]: [ID 537602 auth.error]
PAM-KRB5 (auth): krb5_verify_init_creds failed: Bad encryption type
However, MIT
On Monday 15 May 2006 14:59, Trey Tarpley wrote:
Our company's internal web site (intranet) is set up with an auto-login
feature with Kerberos. Some employees are having trouble being
automatically logged in. The problem seems to be that IE is using the old
authentication with NTLM instead
Nicolas Williams wrote:
On Tue, May 16, 2006 at 02:23:16PM -0400, Jeff Blaine wrote:
authentication failed: Bad encryption type
bash-2.05# /export/home/krb5/sbin/ktutil
ktutil: rkt /etc/krb5.keytab
ktutil: list
slot KVNO Principal
On Tue, May 16, 2006 at 02:23:16PM -0400, Jeff Blaine wrote:
authentication failed: Bad encryption type
bash-2.05# /export/home/krb5/sbin/ktutil
ktutil: rkt /etc/krb5.keytab
ktutil: list
slot KVNO Principal
On Tue, May 16, 2006 at 03:10:04PM -0400, Jeff Blaine wrote:
Nicolas Williams wrote:
What does klist -ke /etc/krb5/krb5.keytab say?
bash-2.05# /export/home/krb5/bin/klist -ke /etc/krb5/krb5.keytab
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
I'm confused, then, Nicolas.
As I read the output, there are 2 keys stored
for these principals:
1 using Triple DES cbc mode with HMAC/sha1
1 using DES cbc mode with CRC-32
And the first matching enctype is supposed to be used,
which would be des-cbc-crc (and des3-hmac-sha1 would
not, as
Hi,
I try to setup for a school project a kdc server and two clients :
On the kdc server, which I called fred, and the realm is TPKERBEROS.FR which
is running fine:
i setup in /etc/hosts : 192.168.1.100 fred.tpkerberos.fr
fred
On Tue, May 16, 2006 at 04:01:11PM -0400, Jeff Blaine wrote:
I'm confused, then, Nicolas.
As I read the output, there are 2 keys stored
for these principals:
1 using Triple DES cbc mode with HMAC/sha1
1 using DES cbc mode with CRC-32
And the first matching enctype is supposed
Nicolas Williams wrote:
On Tue, May 16, 2006 at 04:01:11PM -0400, Jeff Blaine wrote:
I'm confused, then, Nicolas.
As I read the output, there are 2 keys stored
for these principals:
1 using Triple DES cbc mode with HMAC/sha1
1 using DES cbc mode with CRC-32
And the first matching
On Tuesday, May 16, 2006 05:32:45 PM -0400 Jeff Blaine
[EMAIL PROTECTED] wrote:
I guess this is what I want:
http://www.ietf.org/internet-drafts/draft-zhu-kerb-enctype-nego-04.txt
Actually, this doesn't help with your problem. The mechanism described in
that document allows a client and
On Tue, May 16, 2006 at 05:32:45PM -0400, Jeff Blaine wrote:
Nicolas Williams wrote:
What does kadmin -q getprinc host/[EMAIL PROTECTED] say?
I bet the des3-hmac-sha1 key comes before the des-cbc-crc key.
Yes, it does.
Well, that's it then. Switch to des-cbc-crc.
Yes, the krb5 team
On Tue, May 16, 2006 at 04:57:29PM -0500, Nicolas Williams wrote:
Hmmm, OK, this is complicated, and I'd rather not go into all these
details, but:
^
right now
Kerberos mailing list Kerberos@mit.edu
The Oracle Kerberos implementation appears to be different from the
Solaris implementation it sits on top of. There isn't much info on
the core differences in the Oracle documentation I've seen and we
haven't gotten much out of our support contract, at least yet.
What I've seen is the
Yes, MIT k5 1.4.3
The only Solaris piece I ever expect to use is pam_krb5.so
I've yet to touch/test Linux + K5, but it will be promptly
after I find most of the hiccups with Solaris + MIT for
now. Then it's on to Cyrus IMAP integration and other
fun stuff.
Maybe I'm just sore about it, but
That seems a real shame -- Use 1DES in any homogenous
environment or you may really hurt yourself.
It's not actually _that_ bad, and you don't want to change your
supported_enctypes line. The only _crucial_ thing is that you
cannot have service keys on a system that it cannot handle. The
On Tuesday, May 16, 2006 06:40:29 PM -0400 Jeff Blaine
[EMAIL PROTECTED] wrote:
Yes, MIT k5 1.4.3
The only Solaris piece I ever expect to use is pam_krb5.so
I've yet to touch/test Linux + K5, but it will be promptly
after I find most of the hiccups with Solaris + MIT for
now. Then it's
And now, I cannot get kadmin.local to NOT make 3DES
keys. I have tried:
1. kdc_supported_enctypes = des-cbc-crc:normal
2. supported_enctypes = des-cbc-crc:normal
3. Both 1 and 2 at the same time
4. 1, 2, and 3 after restarting everything
5. Checked and rechecked that I am editing the
Hello,
I am looking for information as to how can a scheduled cron job be
authenticated?
If I am submitting a cron job from app which might run after 25 hours.
How can this be done ???
Thank You
Anu M
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
21 matches
Mail list logo