Markus Moeller <[EMAIL PROTECTED]> writes:
> From: "Russ Allbery" <[EMAIL PROTECTED]>
>> I'm pretty sure this is not the case. The PAM module just calls
>> krb5_verify_init_creds, and at least in the MIT implementation, it uses
>> whatever key it can find in the keytab to do the verification. It
On Jun 1, 2007, at 12:00 PM, Markus Moeller wrote:
>
> "Henry B. Hotz" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>>
>> On May 31, 2007, at 11:25 AM, Markus Moeller wrote:
>>
>>> I have a AD forest with MM.COM with domains
>>> DOM1.MM.COM,DOM2.MM.COM and
>>> SUB.DOM2.MM.COM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri 2007-06-01 13:32:56 -0400, Jeffrey Altman wrote:
> I do want to state that as a KDC administrator would have serious
> concerns with the use of SSH keys as a method of authenticating a
> user to my realm. Users do not generate unique keys for
Markus Moeller <[EMAIL PROTECTED]> writes:
> 1) The application runs as non root and I'd like to use the keytab check
> to verify that it came from the right kdc. At the moment your code
> allows to change the keytab file itself but not the service. It always
> looks for the host principal. Can yo
Russ,
can I make two feature requests ?
We have applications using pam for user authentication who want to move to
Kerberos. pam-krb5 would be a good option but I have two problems:
1) The application runs as non root and I'd like to use the keytab check to
verify that it came from the right k
Hi,
We need to set up our own DNS server where our domain would be like "
mydomain.com".
Our unix machine name should become "galaxy.mydomain.com" where galaxy is
the hostname.
This unix machine should be able to resolve names for the services like
a.mydomain.com or b.mydomain.com running on this
Thank you; I suspected it's probably a virus.
I'll try the search.
LJG
-Original Message-
From: Jeff Saxton [mailto:[EMAIL PROTECTED]
Sent: Friday, June 01, 2007 1:22 PM
To: Ken Raeburn
Cc: Linda Grady; kerberos@mit.edu
Subject: Re: Unauthorized Introduction of Kerberos into A Private
Per
Adam Megacz <[EMAIL PROTECTED]> wrote:
> John Hascall <[EMAIL PROTECTED]> writes:
>> How many of the top-10 use Kerberos?
>> And what exactly is the top-10 (which list?)(
>> For the sale of argument lets say they are:
>
> Well, based on AFS usage (which requires Kerberos right now), all of
> the sc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Some viruses look like Kerberos to the anti-virus software, search the list
archives
Ken Raeburn wrote:
> On Jun 1, 2007, at 9:57, Linda Grady wrote:
>> My home computer has been infected with Kerberos software by an
>> outsider
>> or group of outs
Adam Megacz <[EMAIL PROTECTED]> writes:
> John Hascall <[EMAIL PROTECTED]> writes:
>> How many of the top-10 use Kerberos? And what exactly is the top-10
>> (which list?)( For the sale of argument lets say they are:
> Well, based on AFS usage (which requires Kerberos right now), all of
> the sch
On Jun 1, 2007, at 9:57, Linda Grady wrote:
> My home computer has been infected with Kerberos software by an
> outsider
> or group of outsiders. I am a single user pc, not networked to any
> other computers, and I do not wish to be networked to any other
> computers. The software, since being
Adam Megacz wrote:
> Thanks for taking the time to reply, Russ.
>
> Russ Allbery <[EMAIL PROTECTED]> writes:
>> PKINIT already exists and is already standardized,
>
> Hrm, last I checked there was no RFC, just an internet-draft.
RFC 4456
http://www.ietf.org/rfc/rfc4556.txt
>> so using X.509 certifi
I realize that you may not be able to respond to this email personally;
however, I have not had much luck with public listservs or news groups
in the past.
My home computer has been infected with Kerberos software by an outsider
or group of outsiders. I am a single user pc, not networked to any
Ken Hornstein <[EMAIL PROTECTED]> writes:
> I may be an extreme case, but I have 20 cross-realm keys.
How many of those keys belong to administratively independent
organizations (ie if your home realm is part of .mil, how many of
those keys are for civilian organizations?) I'll readily concede t
John Hascall <[EMAIL PROTECTED]> writes:
> How many of the top-10 use Kerberos?
> And what exactly is the top-10 (which list?)(
> For the sale of argument lets say they are:
Well, based on AFS usage (which requires Kerberos right now), all of
the schools on your list except UT Austin must have a
Thanks for taking the time to reply, Russ.
Russ Allbery <[EMAIL PROTECTED]> writes:
> PKINIT already exists and is already standardized,
Hrm, last I checked there was no RFC, just an internet-draft.
> so using X.509 certificates is much easier than using ssh private
> keys.
Perhaps for adminis
Adam Megacz <[EMAIL PROTECTED]> writes:
> Date:Thu, 31 May 2007 19:14:50 PDT
> To: kerberos@mit.edu
> From:Adam Megacz <[EMAIL PROTECTED]>
> Subject: Use ssh key to acquire TGT?
>
> I know the idea will make some people recoil in horror, but are there
> any KDCs or patches out there t
>One of these days I'm going to request (for HCOOP) crossrealm trusts
>with the top 10 computer science universities in the USA [*] and
>document (a) my success rate, (b) how many emails it took, and (c) how
>many months from first request to working trust entry. Hopefully a
>published case study
On Fri, Jun 01, 2007 at 06:59:04AM -0500, John Hascall wrote:
>
> But, your point is well taken. Perhaps
> what would be more useful is if somebody
> like educase served as a central crossrealm
> hub (everyone exchanges keys with them and
> gets a current capaths file).
>
I've often considered
> One of these days I'm going to request (for HCOOP) crossrealm trusts
> with the top 10 computer science universities in the USA [*] and
> document (a) my success rate, (b) how many emails it took, and (c) how
> many months from first request to working trust entry. Hopefully a
> published case
20 matches
Mail list logo