Kerberos Principals in LDAP

2006-09-06 Thread Evan Vittitow
Is there any means of storing Kerberos Principals in LDAP? Even if it's just something that uses the krb5_util dump utility to push/pull Principals from LDAP to the principal stash? Heimdal is not a possibility for me.

Re: Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows Authentication?

2006-09-06 Thread Douglas E. Engert
MaURiCe wrote: > Hello, > I am trying to get username information by using > User.Identity.Name.ToString, if I logged in with username to given > network place, it is ok! It returns SERVERNAME/username. > Otherwise if I logged in with "[EMAIL PROTECTED]" it again > returns SERVERNAME/username al

Re: [Fwd: Re: krb5 malformed over satellite link]

2006-09-06 Thread Douglas E. Engert
Sandeep Bhardwaj wrote: > Hi > thanks for your response > the max MTU supported by the VSAT modem is 1500 = 1480 + 20 header and we are > not > using VPN or IPSEC > but I tried putting a route with simple gre tunnel and system worked.. > we were using some sort of header compressing a Bandwidth saving

Need information about krb5-1.5 release

2006-09-06 Thread Sachin Punadikar
Hello, I am having some queries regarding the new Kerberos release 1.5. 1. Where can I learn more about the new feature, the KDB abstraction layer donated by Novell, included in the Krb5-1.5 release? 2. Also wanted to know if MIT Kerberos 1.5 release adheres to RFC 4120 and RFC 4121? I was not abl

Re: Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows Authentication?

2006-09-06 Thread Roger Abell [MVP]
When you stated > It is said to originated from Kerberos Authentication... you are indicating strong evidence from the security event logs showing that the login was negotiated to and did then successfully use Kerberos, not NTLM ?? "MaURiCe" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTE

Re: kerberos/spnego sso

2006-09-06 Thread Danny Mayer
John User wrote: > I am having no luck setting up kerberos/spnego sso: > The players: > > win2k3 AD box > win xp client running IE 6 and latest firefox > Weblogic 8.1 on a redhat box. > Client trying to access resource on WLS: > > tcpdump shows WLS sending "WWW-Authenticate : > Negotiate" in resp

Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows Authentication?

2006-09-06 Thread MaURiCe
Hello, I am trying to get username information by using User.Identity.Name.ToString, if I logged in with username to given network place, it is ok! It returns SERVERNAME/username. Otherwise if I logged in with "[EMAIL PROTECTED]" it again returns SERVERNAME/username although I want it to return "na

Re: Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows Authentication?

2006-09-06 Thread MaURiCe
Thank you for your answer but is there any other option that we can solve it by changing the settings of IIS... Moris Brian Desmond [MVP] wrote: > IIS must be making the translation internally from the UPN to the > sAMAccountName. It's not hard to get the UPN given the WindowsIdentity > object tha

Re: Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows Authentication?

2006-09-06 Thread Brian Desmond [MVP]
IIS must be making the translation internally from the UPN to the sAMAccountName. It's not hard to get the UPN given the WindowsIdentity object that you have at hand, and relying on the UPN for the user's true name is bad programming practice IMHO. My recommendation is to search AD for that use

Re: [Fwd: Re: krb5 malformed over satellite link]

2006-09-06 Thread Sandeep Bhardwaj
Hi thanks for your response the max MTU supported by the VSAT modem is 1500 = 1480 + 20 header and we are not using VPN or IPSEC but I tried putting a route with simple gre tunnel and system worked.. we were using some sort of header compressing a Bandwidth saving feature we had to disable that also may b

Re: .k5login and krb5.conf syntax errors

2006-09-06 Thread Russ Allbery
"Christopher D Clausen" <[EMAIL PROTECTED]> writes: > Last night I found out the hard way that if a user creates a .k5login > file that isn't correct, (has Windows linebreaks or has multiple > principal names on the same line) that they cannot login at all to > systems using pam-krb5 for authentica

Re: .k5login and krb5.conf syntax errors

2006-09-06 Thread Jeffrey Altman
Christopher D. Clausen wrote: > Similarly, I've been completely locked out of systems if there are > syntax errors in the krb5.conf file and I've seen Windows BSOD if the > system krb5.ini isn't correct. Is there no way to have a fail-safe > method of operation? If you ever have Windows BSOD w

Re: Delegation w/ Java

2006-09-06 Thread Seema Malkani
If you are using system property "java.security.krb5.conf" to specify the Kerberos configuration file, and have defined only rc4-hmac as the encryption type, but your AD account is configured for DES, you will get an error. Seema Michael B Allen wrote On 09/05/06 12:35,: >On Tue, 05 Sep 2006

.k5login and krb5.conf syntax errors

2006-09-06 Thread Christopher D. Clausen
Last night I found out the hard way that if a user creates a .k5login file that isn't correct, (has Windows linebreaks or has multiple principal names on the same line) that they cannot login at all to systems using pam-krb5 for authentication. (This is on Ubuntu 6.06 on x86.) Further, no erro

Re: kerberos/spnego sso closer

2006-09-06 Thread Michael B Allen
On Tue, 5 Sep 2006 22:30:33 -0700 (PDT) John User <[EMAIL PROTECTED]> wrote: > > Maybe a step closer: > when running ktpass used crypto type des-crc-md5 > There is now a session ticket available to both IE and > firefox. I don't really understand this since IE nor FF have knowledge of the enctyp