Re: 'host' principals

2007-01-09 Thread Theodore Tso
On Mon, Jan 08, 2007 at 10:12:15PM -0500, Ken Hornstein wrote:
> I think most people would agree that "host" should be used for the
> traditional "logging into a remote system" type of things that Unix
> users are used to. So, the common uses of "host" that I know about
> are Kerberos telnet, Kerb

KDC_ERR_BADOPTION

2007-01-09 Thread Ahmed H. Habashy - SA
Hello There; I'm facing a problem with Kerberos Event ID: 7, 3. Event ID 3 is explaining the Event ID 7 after enabling the Kerberos logging. Anyway, here is my infrastructure:
Win 2003 DC1 + Clustered SQL 2000 Installed
Win 2003 DC2 + Clustered SQL 2000 Installed
Win 2003 Web 1 (M

test posting

2007-01-09 Thread Ken Hornstein
Howdy all ... this is a test posting to the Kerberos mailing list to see if the email<->news gateway is fixed. Please ignore. --Ken Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer

2007-01-09 Thread Tom Yu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MIT krb5 Security Advisory 2006-002
Original release: 2007-01-09
Last update: 2007-01-09
Topic: kadmind (via RPC library) calls uninitialized function pointer
Severity: CRITICAL
CVE: CVE-2006-6143
CERT: VU#481564
SUMMARY
===

MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers

2007-01-09 Thread Tom Yu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MIT krb5 Security Advisory 2006-003
Original release: 2007-01-09
Last update: 2007-01-09
Topic: kadmind (via GSS-API mechglue) frees uninitialized pointers
Severity: CRITICAL
CVE: CVE-2006-6144
CERT: VU#831452
SUMMARY
===
Th

Test #2

2007-01-09 Thread Ken Hornstein
This is test #2 of the Kerberos email->news gateway. Please ignore. --Ken

Solaris 9 latest OEM SSH + pam_krb5.so.1

2007-01-09 Thread Jeff Blaine
Does anyone have a guess as to what I am doing wrong?
MIT Kerberos 1.5.1
Solaris 9 OEM SSH (latest patch cluster) with 'PAMAuthenticationViaKBDInt yes' and a pam.conf as such (which clearly gets hit):
# Start pam.conf snippet
sshd-kbdint auth requisite pam_authtok_get.so.1
sshd-kbdint aut

krb5-1.6 is released

2007-01-09 Thread Tom Yu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.6. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.
RETRIEVING KERB

krb5-1.5.2 is released

2007-01-09 Thread Tom Yu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.5.2. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.
RETRIEVING KE

Re: "If you choose to install a stash file..."

2007-01-09 Thread Daniel Kahn Gillmor
Sorry to be late for this discussion of the stash file. In addition to needing to enter a passphrase to launch krb5kdc (with the -m option), it looks like kdb5_util will also need a passphrase, understandably. This means that the traditional cronjob-triggered kprop -> kpropd replication won't wor