Hi All,
To what I have heard is that US Daylight Savings Time (DST) is being
extended by 4 weeks in 2007; this will affect all systems and applications
that process dates and times. Will that affect MIT Kerberos product , in a
way that the product will require a FIX. Or is it that MIT Kerberos
I tried to use kinit [EMAIL PROTECTED]@DOMAIN.COM (\\ escapes @) with
MIT against AD where the userprincipalname is set to the email address but
failed, whereas I can login on XP using the email address. I found that MS
uses a principal type 10 (= enterprise name). Is this anywhere defined in a
Followup: I'm still seeing the message stream modified error on Linux. I
turned on debugging in the ldap.conf file to get some more details. I ran
getent passwd, which attempts a SASL/GSSAPI bind to Active Directory.
Looking through the verbose messages on the screen, everything looks OK
Vipin Rathor wrote:
Hi All,
To what I have heard is that US Daylight Savings Time (DST) is being
extended by 4 weeks in 2007; this will affect all systems and applications
that process dates and times. Will that affect MIT Kerberos product , in a
way that the product will require a FIX. Or is
Vipin Rathor wrote:
Hi All,
To what I have heard is that US Daylight Savings Time (DST) is being
extended by 4 weeks in 2007; this will affect all systems and applications
that process dates and times. Will that affect MIT Kerberos product , in a
way that the product will require a FIX. Or is
On Friday, October 13, 2006 09:54:19 AM -0400 Danny Mayer
[EMAIL PROTECTED] wrote:
What are you talking about? Timezones are local display issues. When you
go from summer time to winter time and visa versa do you see issues? All
applications use UTC which doesn't care about timezones.
On Friday, October 13, 2006 07:45:17 PM +0100 Markus Moeller
[EMAIL PROTECTED] wrote:
I tried to use kinit [EMAIL PROTECTED]@DOMAIN.COM (\\ escapes @)
with MIT against AD where the userprincipalname is set to the email
address but failed, whereas I can login on XP using the email address.
I have seen the message stream modified message in cases where two AD DC's
didn't synchronise correctly and had one had corrupted DES keys.
Markus
degnan78 [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Followup: I'm still seeing the message stream modified error on Linux.
I
Thanks for clarifying. I got the following reply
kinit(v5): Client not found in Kerberos database while getting initial
credentials
The only real difference I could see in the AS REQ is that XP uses type 10
and kinit use type 1.
Regards
Markus
Jeffrey Hutzelman [EMAIL PROTECTED] wrote in
If I change the MIT code (set the type to 10 in parse.c) I can get a ticket
with my email address as principal name.
Regards
Markus
Markus Moeller [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Thanks for clarifying. I got the following reply
kinit(v5): Client not found in
Is there a kerberized tcpserver or inetd program out there? What I'd
like to do is kerberize an rsync file transfer session without having to
go through ssh. It also seems like having such a program would be
useful to kerberize any services that are already written with inetd or
tcpserver in
Matthias,
could you try and set principal.type = 10 just before the following line in
mod_auth_kerb and try to login with [EMAIL PROTECTED]
ret = krb5_get_init_creds_password(context, creds, principal,
(char *)password, NULL,
On Friday, October 13, 2006 05:05:37 PM -0400 Wesley Chow
[EMAIL PROTECTED] wrote:
Is there a kerberized tcpserver or inetd program out there? What I'd
like to do is kerberize an rsync file transfer session without having to
go through ssh. It also seems like having such a program would
Jeffrey Hutzelman wrote:
On Friday, October 13, 2006 09:54:19 AM -0400 Danny Mayer
[EMAIL PROTECTED] wrote:
What are you talking about? Timezones are local display issues. When you
go from summer time to winter time and visa versa do you see issues? All
applications use UTC which
Jeffrey Hutzelman wrote:
Kerberos only provides authentication and a shared secret. To properly
kerberize an application protocol, it has to protect its commands and
data from tampering by actually _doing_ something with that secret.
There are a number of tools out there, including
15 matches
Mail list logo
