building static db library
set -x; objlist=`set -x && perl -p -e 'BEGIN { $SIG{__WARN__} = sub {die
@_} }; $e=$ARGV; $e =~ s/OBJS\...$//; s/^/ /; s/ $//; s/ / $e/g;'
hash/OBJS.ST btree/OBJS.ST db/OBJS.ST mpool/OBJS.ST recno/OBJS.ST
clib/OBJS.ST` && ar cq libdb.a $objlist
++ set -x
++ perl -p -e
"Tim Alsop" <[EMAIL PROTECTED]> writes:
> Michael,
> I suggest you take a look at XAD (www.padl.com). This is a product that
> runs on Linux, and looks like an Active Directory domain controller.
PADL pulled XAD from its website for reasons not yet announced. Maybe
Luke Howard will want to comme
I was going to make the identical suggestion, however, when I
went looking on the PADL website, mention of XAD was nowhere to
be found. A search of the site turns up references to XAD,
however, they either lead to 404s or to redirects to the main
product page.
Perhaps XAD is being shelved?
Michael,
I suggest you take a look at XAD (www.padl.com). This is a product that
runs on Linux, and looks like an Active Directory domain controller.
Cheers,
Tim
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Michael B Allen
Sent: 09 August 2006 20:33
On Wednesday, August 09, 2006 02:55:05 PM -0500 "Douglas E. Engert"
<[EMAIL PROTECTED]> wrote:
>> __gss_userok() is not; should it be?
>
> I would say yes. Every service needs to do this, and use the GSS creds
> to test if it can use the local resource. So it in that regards it is
> generic.
A
On Wed, Aug 09, 2006 at 02:55:05PM -0500, Douglas E. Engert wrote:
> Nicolas Williams wrote:
> >gss_store_cred() is a KITTEN WG work item.
> >
> >__gss_userok() is not; should it be?
>
> I would say yes. Every service needs to do this, and use the GSS creds
> to test if it can use the local resou
Nicolas Williams wrote:
> On Wed, Aug 09, 2006 at 02:26:57PM -0500, Douglas E. Engert wrote:
>
>>
>>Nicolas Williams wrote:
>>
>>
>>>On Wed, Aug 09, 2006 at 09:52:51AM -0500, Douglas E. Engert wrote:
>>>
>>>
Markus Moeller wrote:
>There shouldn't be the need of compiling opens
Erich Weiler wrote:
>
> 1: I want SSH to automatically forward my krb5 credentials when I SSH
> into another machine using public keys.
>
Don't think OpenSSH will do this either with out mods.
>
>
> Kerberos mailing list Kerberos
Hi Shawn,
Active Directory is the name of Microsoft's KDC/LDAP server. So there's
no such thing as "Active Directory server on linux". You could setup a
KDC (MIT, Heimdal, etc) or an LDAP server (OpenLDAP, Fedora Directory
Server) on your Linux machine but even if you managed to get them
to work t
On Wed, Aug 09, 2006 at 02:26:57PM -0500, Douglas E. Engert wrote:
>
>
> Nicolas Williams wrote:
>
> >On Wed, Aug 09, 2006 at 09:52:51AM -0500, Douglas E. Engert wrote:
> >
> >>Markus Moeller wrote:
> >>
> >>>There shouldn't be the need of compiling openssh with Kerberos as the
> >>>Solaris 10
Nicolas Williams wrote:
> On Wed, Aug 09, 2006 at 09:52:51AM -0500, Douglas E. Engert wrote:
>
>>Markus Moeller wrote:
>>
>>>There shouldn't be the need of compiling openssh with Kerberos as the
>>>Solaris 10 version supports GSSAPI authentication.
>>
>>Yes and no. Until you want to store the
On Wednesday, August 09, 2006 11:56:07 AM -0500 Nicolas Williams
<[EMAIL PROTECTED]> wrote:
> On Wed, Aug 09, 2006 at 09:36:30AM -0700, Erich Weiler wrote:
>> I am getting credentials through PAM. That much is working. My
>> problem, very specifically, is that:
>>
>> 1: I want SSH to automati
On 2006-08-09 12:21:56 +0200, "Jesper Angelo" <[EMAIL PROTECTED]> said:
> Account: newbie ( Created on both AD and local (/etc/passwd) )
Well, what I intended was to create a local user and then kinit to a
principal. So on unix ``localuser'' and on AD ``aduser''.
> Login with pam_unix yields: [
Account: newbie ( Created on both AD and local (/etc/passwd) )
Login with pam_unix yields:
==> /var/log/auth.log <==
Aug 9 11:51:11 localhost login[15519]: pam_krb5:
pam_sm_authenticate(login newbie): entry:
Aug 9 11:51:11 localhos
I am getting some errors related with kerberos such that after su to some
KRB5LDAP users I am creating files and then setting acls to that files
but the files are creating with "nobody nobody" in the user and group
field instead of creating with actual user and group name.And then I am
tryin
On Wed, Aug 09, 2006 at 09:52:51AM -0500, Douglas E. Engert wrote:
> Markus Moeller wrote:
> > There shouldn't be the need of compiling openssh with Kerberos as the
> > Solaris 10 version supports GSSAPI authentication.
>
> Yes and no. Until you want to store the delegated credential or do a
> kr
On Wed, Aug 09, 2006 at 09:36:30AM -0700, Erich Weiler wrote:
> I am getting credentials through PAM. That much is working. My
> problem, very specifically, is that:
>
> 1: I want SSH to automatically forward my krb5 credentials when I SSH
> into another machine using public keys.
This makes
I am interested in getting an Active Directory server setup on a linux (Ubuntu)
server. I currently just have a samba file server, ntp, and dns setup on this
server. I don't have any Windows 2k/XP servers here.
I have found many howtos and other docs on kerberos, ldap, and samba. However
my questi
> You fundamentally misunderstand how network authentication and
> credential forwarding work.
No, I think I do understand it. All you have written below are steps I
have taken and am sorted with. Perhaps I'm not making myself very clear
in describing the problem I'm having (which I can certai
On Wed, Aug 09, 2006 at 08:24:22AM -0700, Erich Weiler wrote:
> The main reason I need to compile OpenSSH with krb5 is because the way I
> have it working currently, OpenSSH using PAM, does not does _forward_
> krb5 creds when SSHing to another machine. I have seen OpenSSH using
> GSS-API auth
Another comment, if the problem is the Solaris 10 sshd is not saving
the forwarded credentials, it could be the pam.conf is not configured
correctly. sshd calls pam with a number of different services names,
including sshd-password, sshd-gssapi, sshd-kdbint. (If one of these
is not found, other is
Erich Weiler wrote:
>> With OpenSSH-4.1 at least ssh_gssapi_krb5_storecreds and
>> ssh_gssapi_krb5_userok make krb5 API calls as gss never had a simple
>> authz function or a way to save the delegated creds.
>>
>> Solaris 10's sshd uses PAM, to do these. OpenSSH should look at that
>> approach t
> With OpenSSH-4.1 at least ssh_gssapi_krb5_storecreds and
> ssh_gssapi_krb5_userok make krb5 API calls as gss never had a simple
> authz function or a way to save the delegated creds.
>
> Solaris 10's sshd uses PAM, to do these. OpenSSH should look at that
> approach too, then it would not need K
Markus Moeller wrote:
> There shouldn't be the need of compiling openssh with Kerberos as the
> Solaris 10 version supports GSSAPI authentication.
Yes and no. Until you want to store the delegated credential or do a
krb5_userok test.
With OpenSSH-4.1 at least ssh_gssapi_krb5_storecreds and
ss
Erich Weiler wrote:
> Hi all-
>
> I'm not sure this is the correct place to post about this but I'm
> getting no response over an OpenSSH.org, if there is a more appropriate
> place to post please let me know... And the people at Sun scream at me
> for even considering openssh when they supp
P.S. I should say we are using the Solaris ssh and sshd, as well as
their pam_krb5. But there are issues with the pam_krb5 with using
session based caches rather then user, and updating of the TGT
but leaving older tickets in the cache.
Erich Weiler wrote:
> Hi all-
>
> I'm not sure this is the
[EMAIL PROTECTED] (Mordur Ingolfsson) writes:
Morning,
> I'm new to kerberos. I wish to use Kerberos for password verification
> on a cyrus imap installation. My problem is, that since we serve
> multiple domains, the usernames are in the form "[EMAIL PROTECTED]"
> Is it possible to create princ
There shouldn't be the need of compiling openssh with Kerberos as the
Solaris 10 version supports GSSAPI authentication.
Markus
"Erich Weiler" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi all-
>
> I'm not sure this is the correct place to post about this but I'm
> getting no
28 matches
Mail list logo