Hi Friends,
Recently I set up the whole kerberos system using MIT kerberos 1.6.1. When I
run the kinit command i observe the results on ethereal.
Following is my observation:
$kinit username
I observe that as soon as I enter above command, ethereal captures 2 packets
namely KRB5_AS_REQ and
Hi All
That did the trick, recompiling krb5-1.5 (on RHEL5 64bit) with that
patch.
Now I only have the problem that mod_auth_kerb don't write my
credentials to KRB5CCNAME (in PHP).
My kerbtray under windows says it is Forwardable but no Ok to
delegate, So I guess that is the problem.
Under
On Wednesday 18 July 2007 10:01, Mikkel Kruse Johnsen wrote:
Now I only have the problem that mod_auth_kerb don't write my
credentials to KRB5CCNAME (in PHP).
Some knowledge on Credentials delegation I have stolen from
mailinglists is now part of
* Mikkel Kruse Johnsen ([EMAIL PROTECTED]) wrote:
Now I only have the problem that mod_auth_kerb don't write my
credentials to KRB5CCNAME (in PHP).
My kerbtray under windows says it is Forwardable but no Ok to
delegate, So I guess that is the problem.
Under linux they are forwardable.
Hi
The problem is that my HTTP/[EMAIL PROTECTED] is made on the MIT
kerberos server and not the AD.
So I have to set the ok-as-delegate on the MIT server, but according to
Stehpen that is not possible:
Question:
I found how to set ok-as-delegate for heimdal how is this done for MIT
kerberos ?
For an existing principal you can enable preauth from kadmin with:
modprinc +requires_preauth principalname
I don't know of a way to enable preauth globally aside from setting it
for each principal.
-Mike
Gopal Paliwal wrote:
Hi Friends,
Recently I set up the whole kerberos system using
Well, you do that and set it as a default for all new priciples.
* Mike Dopheide [EMAIL PROTECTED] [2007-07-18 08:22]:
For an existing principal you can enable preauth from kadmin with:
modprinc +requires_preauth principalname
I don't know of a way to enable preauth globally aside from
You asked how to do this is AD...
An AD admin set the TRUSTED_FOR_DELEGATION in UserAccountControl for the server.
But not just any admin can set this, who can set the bit is controlled by a
group
control policy on the DC. In 2000 you had to edit a file. In 2003 there is a
way to
set it see
Stephen Frost wrote:
* Mikkel Kruse Johnsen ([EMAIL PROTECTED]) wrote:
Now I only have the problem that mod_auth_kerb don't write my
credentials to KRB5CCNAME (in PHP).
My kerbtray under windows says it is Forwardable but no Ok to
delegate, So I guess that is the problem.
Have a look at
Hi there,
I've got krb5-1.6.1 compiled and installed on Mac OS X 10.4.10, Solaris
9 SPARC32 and Solaris 10 SPARC64. On all of them it reproduceably shows
the following behaviour:
[EMAIL PROTECTED] ~]$ /usr/local/bin/kinit
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED] ~]$
On Jul 18, 2007, at 13:49, Michael Weiser wrote:
07/18/07 19:17:14 07/19/07 05:17:01 host/sol9.example.org@
renew until 07/19/07 19:16:58
Without the domain_realm mapping, we use some code that first tries
to ask the KDC for the correct realm, using the referrals support
John Washington [EMAIL PROTECTED] sent:
Date:Wed, 18 Jul 2007 08:46:49 CDT
To: Mike Dopheide [EMAIL PROTECTED]
cc: kerberos@mit.edu
From:John Washington [EMAIL PROTECTED]
Subject: Re: Preauth mechanism provision in MIT kerberos
...
Well, you do that and set it as a default
Hi,
The solution you guys provided help me.
Though I now observe following things on ethereal.
1)for the first time krb5_AS_REQ goes whenever user enters his username.
2) Authentication server responds back by giving error as PRE_AUTH
REQUIRED
3) Now new krb5_AS_REQ request gets formed with
13 matches
Mail list logo