Re: kinit problem

2007-02-02 Thread scotty adams
Hi Christopher, I am following some white papers that I found on the net to set up Kerberos. I used the following command to create the database: /usr/sbin/kdb5_util create -r SCOTTY.COM -s yet I can't see the cache file. Moreover, the rest of the white papers aren't leading me to any correct solu

Re: One Time Identification, a request for comments/testing.

2007-02-02 Thread g . w
On Feb 2, 10:05am, Jim Rees wrote: } Subject: Re: One Time Identification, a request for comments/testing. Hi Jim, hope the weekend is going well for you. > So would it be fair to say this is sort of like using a smartcard in that you > need both possession of the token and knowledge of a PIN? Jeff

Re: One Time Identification, a request for comments/testing.

2007-02-02 Thread g . w
On Feb 2, 9:48am, Ken Renard wrote: } Subject: Re: One Time Identification, a request for comments/testing. Hi Ken, thanks for the note, hope the week went well for you. > > The identity token is included in an identification payload which > > is symmetrically encrypted and included in the AS_

Re: Windows Integration attempt #2

2007-02-02 Thread Quanah Gibson-Mount
--On February 2, 2007 5:38:37 PM -0500 Michael B Allen <[EMAIL PROTECTED]> wrote: > On Fri, 02 Feb 2007 12:03:24 -0800 > Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: > >> "The system could not log you on. Make sure your User name and domain >> are correct, then type your password again." >>

Re: One Time Identification, a request for comments/testing.

2007-02-02 Thread Peter Iannarelli
Good day everyone: I am thoroughly enjoying this thread. Mr. Wettstein, your reference to the manner in which people ensure they do not forget their tokens is, to say the least, appropriate, but please keep in mind that our tokens come in many form factors. - Calculator style (RB) - Dongle style (K

Re: Windows Integration attempt #2

2007-02-02 Thread Michael B Allen
On Fri, 02 Feb 2007 12:03:24 -0800 Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: > "The system could not log you on. Make sure your User name and domain > are correct, then type your password again." > > Well, I'm sure both are correct, and I'm sure my password is correct, > too, because the KD

Re: Windows Integration attempt #2

2007-02-02 Thread Kevin Coffman
On 2/2/07, Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: > > Principal: host/[EMAIL PROTECTED] > Expiration date: [never] > Last password change: Thu Jun 29 11:16:19 PDT 2006 > Password expiration date: [none] > Maximum ticket life: 1 day 01:00:00 > Maximum renewable life: 7 days 00:00:00 > Last m

Re: Windows Integration attempt #2

2007-02-02 Thread Russ Allbery
Kevin Coffman <[EMAIL PROTECTED]> writes: > On 2/2/07, Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: >> Any thoughts on why identical setups aren't working much appreciated. >> One other detail since I first sent this out -- My home system will now >> not allow me to become the member of a domai

Re: Windows Integration attempt #2

2007-02-02 Thread Quanah Gibson-Mount
--On February 2, 2007 4:41:23 PM -0500 Kevin Coffman <[EMAIL PROTECTED]> wrote: > On 2/2/07, Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: >> >> Any thoughts on why identical setups aren't working much appreciated. >> >> >> One other detail since I first sent this out -- My home system will no

Re: Windows Integration attempt #2

2007-02-02 Thread Kevin Coffman
On 2/2/07, Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: > > Any thoughts on why identical setups aren't working much appreciated. > > > One other detail since I first sent this out -- My home system will now not > allow me to become the member of a domain, either. Have you ruled out a firewall

Windows Integration attempt #2

2007-02-02 Thread Quanah Gibson-Mount
I'm resending this to the list, because apparently the newsgroup->list process isn't working, and it seems a large number of people don't read the newsgroup. ;) So, after finally getting my work windows system to talk to our MIT KDC, I thought I'd try and get my new home system to do that, too.

Re: One Time Identification, a request for comments/testing.

2007-02-02 Thread Jeffrey Hutzelman
On Fri, 2 Feb 2007 [EMAIL PROTECTED] wrote: > That being said I'm certainly no IETF politician. Good. Neither are the rest of us, for the most part. What we are is engineers trying to produce quality network protocol standards, preferably in non-infinite amounts of time. If you have something

Re: One Time Identification, a request for comments/testing.

2007-02-02 Thread Douglas E. Engert
John Rudd wrote: > > > Perhaps I'm completely wrong, but ... > >... > > I think a more interesting approach would be a non- "dumb data stick" > approach. It might start to sound like a variation of a smartcard, but > why not think about a new USB device that's perhaps about the size of a

Re: One Time Identification, a request for comments/testing.

2007-02-02 Thread g . w
On Feb 1, 5:15pm, Jeffrey Hutzelman wrote: } Subject: Re: One Time Identification, a request for comments/testing. Good day to everyone. > On Thursday, February 01, 2007 03:06:21 PM -0600 [EMAIL PROTECTED] wrote: > > >> What keeps a user from copying the identity token from the USB > >> device

Re: One Time Identification, a request for comments/testing.

2007-02-02 Thread Nicolas Williams
On Fri, Feb 02, 2007 at 10:16:28AM -0800, John Rudd wrote: > It seems to me that if you're talking about a simple dumb USB thumb > drive/data stick, that you're not going to be able to do anything to > prevent an adversary from copying that data to a local host, and then > brute-forcing the data

Re: One Time Identification, a request for comments/testing.

2007-02-02 Thread Ken Renard
> The identity token is included in an identification payload which > is symmetrically encrypted and included in the AS_REQ authorization > field. Any reason why this couldn't be implemented as a preauthentication type (especially with the PAL in 1.6)? Might give you more flexibility with

Re: One Time Identification, a request for comments/testing.

2007-02-02 Thread Jim Rees
So would it be fair to say this is sort of like using a smartcard in that you need both possession of the token and knowledge of a PIN? And that the KDC guards the PIN against brute force guessing, because each guess requires a transaction against the KDC? So stealing the token gets the attacker not

Re: One Time Identification, a request for comments/testing.

2007-02-02 Thread John Rudd
Perhaps I'm completely wrong, but ... It seems to me that if you're talking about a simple dumb USB thumb drive/data stick, that you're not going to be able to do anything to prevent an adversary from copying that data to a local host, and then brute-forcing the data over time. So, essentia
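The two designs Jim Rees and John Rudd are weighing above, modelled in Python as an added example. This is constructed illustration code, not the One Time Identification implementation under discussion and not MIT Kerberos code. Design A keeps the identity token on a dumb data stick encrypted only under a PIN, so an attacker who copies the stick can test every PIN locally with nothing to throttle them. Design B keeps a random secret on the stick and the PIN verifier at the KDC, so every guess is a KDC transaction that the KDC counts and can lock out. The four-digit PIN, the 100-iteration PBKDF2, the five-failure lockout, the HMAC-keystream toy cipher, the client-chosen nonce and the principal and PIN values are all assumptions made for the demo.

```python
"""Constructed model of the two designs contrasted in the thread: a token that is
only PIN-encrypted on a dumb stick (offline guessable once copied) versus a KDC
that holds the PIN verifier and counts failures (each guess costs a transaction).
Toy code, not the One Time Identification protocol; PIN length, KDF cost and
lockout threshold are assumptions chosen so the demo runs in seconds."""
import hashlib
import hmac
import os
import secrets

PIN_SPACE = 10_000     # assumed four-digit numeric PIN
KDF_ITERATIONS = 100   # deliberately cheap; real deployments use far more
MAX_FAILURES = 5       # assumed KDC lockout threshold


def pin_key(pin, salt):
    """Derive a 32-byte key from the PIN (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS, 32)


def keystream_xor(key, data):
    """Encrypt/decrypt with an HMAC-based keystream (toy stream cipher)."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# --- Design A: the stick holds the token encrypted under the PIN only ------

def write_pin_encrypted_stick(token, pin):
    """What lands on the data stick: a salt and the PIN-encrypted token."""
    salt = os.urandom(16)
    return {"salt": salt, "blob": keystream_xor(pin_key(pin, salt), b"TOKEN:" + token)}


def offline_bruteforce(stick):
    """Attacker who copied the stick: the recognisable 'TOKEN:' prefix lets every
    PIN guess be checked locally, with no KDC in the loop to count or throttle."""
    for i in range(PIN_SPACE):
        pin = f"{i:04d}"
        if keystream_xor(pin_key(pin, stick["salt"]), stick["blob"]).startswith(b"TOKEN:"):
            return pin
    return None


# --- Design B: stick holds a random secret, the KDC holds the PIN verifier -

class ToyKDC:
    def __init__(self):
        self.principals = {}

    def enroll(self, name, pin):
        """Returns the stick contents; the PIN verifier never leaves the KDC."""
        secret, salt = secrets.token_bytes(32), os.urandom(16)
        self.principals[name] = {"secret": secret, "verifier": pin_key(pin, salt),
                                 "failures": 0, "locked": False}
        return {"secret": secret, "salt": salt}

    def as_req(self, name, nonce, proof):
        """One identification attempt; every wrong guess is counted server-side."""
        p = self.principals[name]
        if p["locked"]:
            return False
        expected = hmac.new(p["secret"] + p["verifier"], nonce, hashlib.sha256).digest()
        if hmac.compare_digest(expected, proof):
            p["failures"] = 0
            return True
        p["failures"] += 1
        p["locked"] = p["failures"] >= MAX_FAILURES
        return False


def client_proof(stick, pin, nonce):
    """Needs both the stick (secret, salt) and the PIN. The nonce is client-chosen
    here for brevity (assumption); a real exchange would use a KDC challenge."""
    return hmac.new(stick["secret"] + pin_key(pin, stick["salt"]), nonce, hashlib.sha256).digest()


def online_guessing(kdc, name, stick):
    """Attacker holding a copy of the stick but not the PIN. With no verifier on
    the stick there is nothing to test guesses against offline, so each guess
    goes to the KDC, which locks the principal after MAX_FAILURES."""
    for attempt in range(1, PIN_SPACE + 1):
        nonce = os.urandom(16)
        if kdc.as_req(name, nonce, client_proof(stick, f"{attempt - 1:04d}", nonce)):
            return "success", attempt
        if kdc.principals[name]["locked"]:
            return "locked", attempt
    return "exhausted", PIN_SPACE


if __name__ == "__main__":
    stick_a = write_pin_encrypted_stick(b"alice@EXAMPLE.COM", "4321")
    print("design A, offline guessing recovers PIN:", offline_bruteforce(stick_a))
    kdc = ToyKDC()
    stick_b = kdc.enroll("alice", "9876")
    print("design B, online guessing ends with:", online_guessing(kdc, "alice", stick_b))
```

The model only covers theft or copying of the stick. In design B, an attacker who also captures one valid (nonce, proof) pair from the network has an offline verifier again, since the proof is a deterministic function of the stick contents, the PIN and the public nonce; a real protocol has to make the identification payload untestable without a KDC-held secret (for instance by encrypting it to a KDC key with randomised encryption) or state explicitly that traffic capture is outside its threat model.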

Re: One Time Identification, a request for comments/testing.

2007-02-02 Thread Jeffrey Hutzelman
On Friday, February 02, 2007 10:05:09 AM -0500 Jim Rees <[EMAIL PROTECTED]> wrote: > So would it be fair to say this is sort of like using a smartcard in that you > need both possession of the token and knowledge of a PIN? And that the > KDC guards the PIN against brute force guessing, because ea

A Question about the Kerberos Exchange

2007-02-02 Thread Abhinav Bharti
Hi, The OS is WinXP Service Pack 2. As far as my understanding goes, once the TGT is received from the KDC (AS), the first thing that happens for a domain login is that a TGS-REQ is sent so that the user can authenticate to the local workstation. What I am seeing here is that the TGS-REP w