Hi all:
I am working with the Microsoft's Kerberos extensions in Win 2003 called
Constrained Delegation and Protocol Transition (or S4U2Self and S4U2Proxy).
Does MIT implementation has support or plans to have support of these
delegation mechanism? I could not find any relevant discussion on thi
On Wed, 5 Sep 2007, Ed Zorob wrote:
> it's hard to believe that no one developed a windows version of krb5-config
> I even emailed that author of this module ( Daniel Kouril ) few days
> ago and no reply yet.
The beauty of opensource projects is that contributions are
welcome. Here's your chanc
On Wednesday 05 September 2007, Ed Zorob wrote:
> it's hard to believe that no one developed a windows version of krb5-config
> I even emailed that author of this module ( Daniel Kouril ) few days
> ago and no reply yet.
1. The mailinglist [EMAIL PROTECTED] can
be used for discussing mod_auth_k
it's hard to believe that no one developed a windows version of krb5-config
I even emailed that author of this module ( Daniel Kouril ) few days
ago and no reply yet.
On 9/5/07, Jeffrey Altman <[EMAIL PROTECTED]> wrote:
> Achim Grolms wrote:
> > On Wednesday 05 September 2007, Jeffrey Altman wrot
Just to clarify. Are you attempting to serve two realms
from the same KDC?
Anthony Brock wrote:
>
> # klist -k FILE:/etc/krb5kdc/kadm5.keytab | egrep
> 'STERLINGCGI.COM|SCGROUP.ORG'
>3 kadmin/[EMAIL PROTECTED]
>3 kadmin/[EMAIL PROTECTED]
>3 kadmin/[EMAIL PROTECTED]
>3 kadmin/[EMAI
> -Original Message-
> Anthony Brock <[EMAIL PROTECTED]> wrote:
> > No, the entire network is on a single, private IP address range. In
> > fact, I'm trying these particular commands on the same host that
> > kadmind is running on. However, the behavior is identical from a
> > remote host.
Singh wrote:
> Dear all,
>
> We are having an issue in our environment, I would be really obliged
> if someone can propose a solution to what we mightbe doing wrong.
>
> In essence Kerberos single sign on to a Java application using the MS
> IE browser will only work if the "use automatic confi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The MIT Kerberos Team has discovered a problem with the originally
published patch for svc_auth_gss.c [CVE-2007-3999], which allowed a
32-byte overflow. Depending on the compilation environment and
machine architecture, this may or may not be a signif
Achim Grolms wrote:
> On Wednesday 05 September 2007, Jeffrey Altman wrote:
>
>> MIT KFW ships with an SDK in the installer. However, the layout of the
>> header and library files is different from the UNIX installation. There
>> is no krb5-config.exe to report the build and installation details
1. everything will work as soon as the Kerberos server comes back online
2. Kerberos can replicate to slave servers with failover to ensure
reliability
3. On Linux, PAM can be configured to allow for fall-through if Kerberos
fails. This is how root normall logs in. The problem is that this
requires
I am very new to kerberos so please forgive me...
One of my co-workers is telling me that if you implement kerberos in our
Linux infrastructure we will be in a serious bind of the network connection
between work servers and the kerberos server or if the kerberos server dies
we will be locked out
On Wednesday 05 September 2007, Jeffrey Altman wrote:
> MIT KFW ships with an SDK in the installer. However, the layout of the
> header and library files is different from the UNIX installation. There
> is no krb5-config.exe to report the build and installation details
Why?
Miguel Sanders <[EMAIL PROTECTED]> writes:
> I was just wondering how Kerberos reacts to IP aliases (virtual IP
> addresses). Do you have to create a host principal for the virtual
> hostname aswell?
Generally, yes.
Kerberos itself doesn't know anything about such things and just
authenticates
Roman - the following may help.
On 05/09/2007, at 4:45 PM, [EMAIL PROTECTED] wrote:
On 4 Sep., 20:26, "Christopher D. Clausen" <[EMAIL PROTECTED]> wrote:
Michael B Allen <[EMAIL PROTECTED]> wrote:
On 9/4/07, Roman S <[EMAIL PROTECTED]> wrote:
I've configured a Microsoft Active Directory
Dear all
I was just wondering how Kerberos reacts to IP aliases (virtual IP
addresses).
Do you have to create a host principal for the virtual hostname
aswell?
Any information on this would be grately appreciated.
Thnx
Miguel
Kerberos mailing lis
Anthony Brock <[EMAIL PROTECTED]> wrote:
> No, the entire network is on a single, private IP address range. In
> fact, I'm trying these particular commands on the same host that
> kadmind is running on. However, the behavior is identical from a
> remote host.
Does kpasswd work on the KDC itself fo
Dear all,
We are having an issue in our environment, I would be really obliged
if someone can propose a solution to what we mightbe doing wrong.
In essence Kerberos single sign on to a Java application using the MS
IE browser will only work if the "use automatic configuration script"
option is ti
Ed Zorob wrote:
> Guys,
> I need to get mod_auth_kerb.so file for windows environment. using the
> (MinGW/Msys) compiler on windows during ./configure it's asking for
> Kerberos environment. but I have MIT Kerberos installed already on the
> box.
> help ?
> thanks
>
MIT KFW ships with an SDK in th
Guys,
I need to get mod_auth_kerb.so file for windows environment. using the
(MinGW/Msys) compiler on windows during ./configure it's asking for
Kerberos environment. but I have MIT Kerberos installed already on the
box.
help ?
thanks
Kerberos maili
> "RS" == Roman Schoenbichler <[EMAIL PROTECTED]> writes:
RS> On 4 Sep., 20:26, "Christopher D. Clausen" <[EMAIL PROTECTED]>
RS> wrote:
>> Michael B Allen <[EMAIL PROTECTED]> wrote:
>>
>>
>>
>> > On 9/4/07, Roman S <[EMAIL PROTECTED]> wrote:
>> >> I've config
I have one server it has always sync with KDC. So I will get that system
time from server for my client machine and use it in Kerberos Protocol
exchange. I think it is possible where ever Kerberos Client Protocol
referring local machine time (Client machine) I can use this time to
generate tkt's i
On Aug 28, 2007, at 20:56, Booker C. Bense wrote:
> This cam up in a recent discussion. I can dig in the code, but I
> can't dig in all the code. So is there a safe way to put comments in
> a .k5login file?
There isn't a comment syntax, per se, in the MIT code, but the lines
of the file are just
On 4 Sep., 20:26, "Christopher D. Clausen" <[EMAIL PROTECTED]> wrote:
> Michael B Allen <[EMAIL PROTECTED]> wrote:
>
>
>
> > On 9/4/07, Roman S <[EMAIL PROTECTED]> wrote:
> >> I've configured a Microsoft Active Directory with LDAP and Kerberos,
> >> and some Linux (Redhat) clients who authenticate
23 matches
Mail list logo
