Unfortunately, I don't have any Debian systems so I don't know what their
default configuration looks like. Take a look in your /var/log/messages
(or equivalent) and see if PAM is spitting out any useful information. If
there are messages, paste them here with your PAM config.
> Hello Mike,
Thanks Markus
One final question: which version of Windows 2003 are you using and
which steps did you perform to set up the realm trust. Is it as I
described? Just asking to be sure :)
Markus Moeller wrote:
> My krb5.conf file
>
> [libdefaults]
> default_realm = UNIX.COM
> dns_look
On debian you'd want to look in /var/log/auth.log
Can you kinit as root on this system?
Also, try running a debug sshd vis:
sshd -ddd -D -p 222
and connect with putty using:
putty -P 222 [EMAIL PROTECTED]
Read through the debug output and see if there is anything useful in
there.
< wrote:
> Un
What version of JDK are you using ? Sun's implementation of Java GSS
includes support for SPNEGO starting from Java SE 6.
Has the SPN been setup correctly ?
Seema
Michael B Allen wrote On 11/06/06 11:26,:
>I wrote an SPNEGO Java Servlet Filter that decodes the SPNEGO token,
>plucks out the krb
The algorithm names for Kerberos RC4-HMAC encryption type are:
- rc4-hmac
- arcfour-hmac
- arcfour-hmac-md5
Makes sure you have setup the Kerberos account and Kerberos
configuration to use RC4-HMAC encryption type.
Seema
Michael B Allen wrote On 11/06/06 20:33,:
>What is the algorithm name for
Hi Guru,
I just finish setting up a kerberos authentication; however, I seem to
have a problem to get my initial credential to work. I follow the
step-by-step procedure in the url below & it still doesn't work.
According to the error msg, it looks like my pam.conf & krb5.conf files
don't configur
Hi Seema,
I have narrowed things down quite a bit. If I use Firefox which uses
raw kerberos tokens I still get the same error which means that this
has nothing to do with SPNEGO. If I run the Filter in Jetty on Linux it
works. So there's something about Tomcat / Windows / Java on Windows. On
site
Chris,
You might try changing your domian_realm section to look a little more like
this:
[domain_realm]
whatever.com = WHATEVER.COM
.whatever.com = WHATEVER.COM
Eddie
Chris cc wrote:
Hi Guru,
I just finish setting up a kerberos authentication; however, I seem to
have a problem
On Tue, Nov 07, 2006 at 02:10:20PM -0800, Chris cc wrote:
> Hi Guru,
>
> I just finish setting up a kerberos authentication; however, I seem to
> have a problem to get my initial credential to work. I follow the
> step-by-step procedure in the url below & it still doesn't work.
> According to the
Will,
I use sol 10 + latest patches. I have followed your suggestions and I'm still
in the dark. I'm also not able to ping KDC as you ask. At this point, I have
no ideas where else to troubleshoot. Any helps are really appreciated.
Thanks,
-Chris
>
> I'd like my AD users to be able to t
On Tue, Nov 07, 2006 at 05:14:20PM -0800, Chris cc wrote:
> Will,
>
> I use sol 10 + latest patches. I have followed your suggestions and I'm
> still in the dark. I'm also not able to ping KDC as you ask. At this point,
> I have no ideas where else to troubleshoot. Any helps are really appre
I believe this problem must be a bug in Java for Windows.
All of the GSS examples use the default credentials of the user running
the server. I do not. I created a KerberosKey from a password and acquired
the GSSCredential through Subject.doAsPriviledged. Again the Filter works
on Linux this way j
12 matches
Mail list logo
