I'm trying to test with gss-client and gss-server but am unsuccessful in
getting it to work.
I have setup a MIT Realm called test.com and added a client named test/[EMAIL
PROTECTED]
I am able to kinit and get a ticket from the KDC.
[EMAIL PROTECTED] gss-sample]# kinit
Password for test/[EMAIL
On Sunday, August 20, 2006 11:19:13 PM -0400 Michael B Allen
[EMAIL PROTECTED] wrote:
I was just trying pam_krb5 for kicks but it can't find my KDC. My
/etc/krb5.conf is just:
It helps a lot if you quote actual error messages, instead of paraphrasing
them. Similarly, it's going to be a
A Kerberos realm is always in uppercase [1]. If you did *everything*
with a lowercase realm name I suspect things might work but perhaps not.
Or, based on the second error, perhaps there is a DNS issue?
Mike
[1] The realm is effectively the DNS domain in uppercase and therefore
it is not
On Mon, 21 Aug 2006 10:39:13 -0400
Jeffrey Hutzelman [EMAIL PROTECTED] wrote:
On Sunday, August 20, 2006 11:19:13 PM -0400 Michael B Allen
[EMAIL PROTECTED] wrote:
I was just trying pam_krb5 for kicks but it can't find my KDC. My
/etc/krb5.conf is just:
It helps a lot if you quote
On Monday, August 21, 2006 12:05:24 PM -0400 Michael B Allen
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] src]$ ssh [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Permission denied, please try again.
There is no user5 on the local system. My expectation is that pam_krb5.so
should use the
Dear Contact,
We did not receive any answer, therefore we send you another email in order
to get some feedback from you.
Thank you very much in advance.
Regards,
Sabine DELAITRE
__
From: DELAITRE Sabine (JRC)
Sent: Monday, July 10, 2006
Hello,
I am using the Windows 2003 Domaincontroller and the included KDC. I want to
implement single-sign-on with an application that is a server programmed in
Java. Let's call it Alice. A client software, also programmed in Java, will
connect to Alice. Let's call this client Bob. Now Alice is
Hello,
can anybody please send some lines of JAVA code in which a service ticket is
acquired by the KDC? I tried it like this
// Performing Kerberos login
LoginContext tLoginContext = new LoginContext(JaasLogin);
tLoginContext.login();
final Subject tSubject =
Hi,
MIT kerberos code supports reading and writing
file cache format corresponding to cache type 4.
Does MS cache also support cache type 4.
Thanks,
Preetam
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
On Monday, August 21, 2006 04:36:32 PM +0200 [EMAIL PROTECTED]
wrote:
We did not receive any answer, therefore we send you another email in
order to get some feedback from you.
Thank you very much in advance.
kerberos@mit.edu is a public mailing list, not a private contact address.
On Mon, 21 Aug 2006 18:40:28 +0200
Florian Frankenberger [EMAIL PROTECTED] wrote:
My problem is that Alice is not in the domain in which the KDC is running. To
be more precise, the KDC and the service Alice are set up in different
network environments and thus do not know each other.
Is it
Do you have a .k5login file in the home directory on the
machine with the sshd? It should list the principals that
are allowed to access this unix account.
Note the return codes from the mm_answer_gss_userok is 1 when it
worked, 0 when it did not. So it looks like the gss authenticated you
but
There is no .k5login file in the home directory...though the user account
does exist on the machine, eventually the user database is going be stored
on LDAP and there will not be individual user accounts on the ssh servers.
Shouldn't the ACL take precedence anyway? I don't have a .k5login in
Yes. Sun's implementation of Java GSS/Kerberos is fully interoperable
with MIT GSS/Kerberos implementation.
Seema
Fredrik Tolf wrote On 08/21/06 12:48,:
Dear List,
I'm intending to write a network client kind of program that's supposed
to run on Windows, so I decided it to write it in Java,
Jason Mogavero wrote:
Ok, I should note that adding a .k5login file to the home directory of the
user I want to log in as did work. However, this setup won't work for
us in
the long run.
Good.
The ultimate goal is to have tech support reps be able to ssh into our
multitude of hosted
On Mon, 21 Aug 2006 21:48:30 +0200
Fredrik Tolf [EMAIL PROTECTED] wrote:
So, I'm wondering, are the messages created by JGSS compatible with the
ones used by the native MIT API?
Yes. There have been bugs in Java's Kerberos implementation but I'm not
sure if there is anything outstanding.
Jason Mogavero wrote:
There is no .k5login file in the home directory...though the user account
does exist on the machine, eventually the user database is going be stored
on LDAP and there will not be individual user accounts on the ssh servers.
Shouldn't the ACL take precedence anyway?
On Mon, 2006-08-21 at 18:29 -0400, Michael B Allen wrote:
On Mon, 21 Aug 2006 21:48:30 +0200
Fredrik Tolf [EMAIL PROTECTED] wrote:
So, I'm wondering, are the messages created by JGSS compatible with the
ones used by the native MIT API?
Yes. There have been bugs in Java's Kerberos
In the manual by Jim Rome, How to Kerberize your site
(http://www.ornl.gov/~jar/HowToKerb.html#Configure), all examples are in
lowercare.
So I think there might be a DNS issue, or I used the parameters of the
gss-server improperly.
The server's command line usage is
gss-server [-port port]
preetam R wrote:
Hi,
MIT kerberos code supports reading and writing
file cache format corresponding to cache type 4.
Does MS cache also support cache type 4.
Thanks,
Preetam
Microsoft does not support FILE based credential caches.
Instead Microsoft stores Kerberos credentials
On Tue, 22 Aug 2006 03:25:42 +0200
Fredrik Tolf [EMAIL PROTECTED] wrote:
On Mon, 2006-08-21 at 18:29 -0400, Michael B Allen wrote:
On Mon, 21 Aug 2006 21:48:30 +0200
Fredrik Tolf [EMAIL PROTECTED] wrote:
So, I'm wondering, are the messages created by JGSS compatible with the
ones
On Tue, 22 Aug 2006 02:08:47 GMT
Jeffrey Altman [EMAIL PROTECTED] wrote:
preetam R wrote:
Hi,
MIT kerberos code supports reading and writing
file cache format corresponding to cache type 4.
Does MS cache also support cache type 4.
Thanks,
Preetam
Microsoft does not
22 matches
Mail list logo