Re: Compiling krb5-1.6 for Windows

2007-01-31 Thread Sam Hartman
Peger, == Peger, Daniel Heinrich [EMAIL PROTECTED] writes: Peger, Hi, Yes the build environment for KfW is pretty badly broken at least the 3.0 environment which is what I ended up building (using VS 2005). Peger, Acutally i'm not trying too compile KfW but Kerberos

KfW 3.1: kinit.exe, krb5.ini and ticket_lifetime

2007-01-31 Thread Jay Stamps
Hi all: We're adding a line to the [libdefaults] stanza in our site-wide krb5.conf file to keep the Macs happy: ticket_lifetime = 25h Our realm default is 25 hrs, but the Mac K5 client will go w/ 10 hrs unless its conf file (/Library/Preferences/edu.mit.Kerberos) instructs it otherwise.

Re: No Kerberos environment found

2007-01-31 Thread Sam Hartman
Gayal == Gayal [EMAIL PROTECTED] writes: Gayal I was able to initialise and create the kerberos database Gayal using; bash# /usr/Kerberos/sbin/kdb5_util create -s Um, you're doing something very strange here./usr/kerberos does not exist on a Debian system.

Re: One Time Identification, a request for comments/testing.

2007-01-31 Thread Nicolas Williams
On Thu, Feb 01, 2007 at 07:51:47AM +1100, Andrew Bartlett wrote: I think developing a cross-platform USB 'tumb drive' based soft token would be an immense benefit. It could make PKINIT real for many small sites that do not yet wish to invest in a token stack, and perhaps more importantly,

Re: One Time Identification, a request for comments/testing.

2007-01-31 Thread Nicolas Williams
On Thu, Feb 01, 2007 at 08:21:49AM +1100, Andrew Bartlett wrote: What do you mean by cross-platform? Works with windows desktops too :-) But I think this means that you want the format of the softtoken to be open and implementable by multiple implementors. Love also has a PKCS#11

Re: One Time Identification, a request for comments/testing.

2007-01-31 Thread Nicolas Williams
On Wed, Jan 31, 2007 at 08:42:43AM -0600, Douglas E. Engert wrote: What keeps a user from copying the identity token from the USB device to a local or shared file system to avoid having to insert the USB device all the time? What are the security implications if the identity token is

Kerberos environment under windows

2007-01-31 Thread Peger, Daniel Heinrich
Hi, this may be a stupid question but I didn't succeed in finding an answer till now. How do I tell a C/C++ (using GSSAPI) app what my current kerberos environment is? For testing purposes I don't want to use the standard environment but authenticate against a test kerberos setup, which needs to

Re: Kerberos environment under windows

2007-01-31 Thread Christopher D. Clausen
Peger, Daniel Heinrich [EMAIL PROTECTED] wrote: How do I tell a C/C++ (using GSSAPI) app what my current kerberos environment is? For testing purposes I don't want to use the standard environment but authenticate against a test kerberos setup, which needs to be specified somwhere. Edit the