Kerberos policy replication

2007-09-10 Thread Martin Hovmöller
Hi, My kerberos policies are not replicated along with the kerberos database from the master to the slave KDC. If I add a policy on the slave however, it is removed on the next replication. Why is it behaving like this, and how can I fix it? The only clue I can find is in /var/kerberos/krb5kdc/fr

Question about krb5_get_renewed_creds

2007-09-10 Thread Markus Moeller
My application tries to renew credentials with krb5_get_renewed_cred about every 5 minutes for the default principal. Will a following gss_init_sec_context request a new service principal or do I need to call krb5_get_renewed_cred also for the service principal ? I see the following when renewi

Re: Question about krb5_get_renewed_creds

2007-09-10 Thread Jeffrey Altman
Markus Moeller wrote: > My application tries to renew credentials with krb5_get_renewed_cred about > every 5 minutes for the default principal. Will a following > gss_init_sec_context request a new service principal or do I need to call > krb5_get_renewed_cred also for the service principal ? >

Re: [-SPAM-] Re: Question about krb5_get_renewed_creds

2007-09-10 Thread Markus Moeller
Jeffrey, when you say destroy tickets do you use krb5_cc_remove_cred ? How can I do it for memory caches as remove_cred isn't supported? Thank you Markus - Original Message - From: "Jeffrey Altman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: Sent: Monday, September 10, 2007 8:27

Re: Question about krb5_get_renewed_creds

2007-09-10 Thread Jeffrey Altman
Markus Moeller wrote: > Jeffrey, > > when you say destroy tickets do you use krb5_cc_remove_cred ? How can > I do it for memory caches as remove_cred isn't supported? > > Thank you > Markus You can copy the TGT to a new ccache, renew it, if successful, destroy the old ccache and copy the creds bac

Kerberos and IP aliases

2007-09-10 Thread Mark Davies
Russ Allbery wrote: > In some cases the client will just use whatever hostname is given on > the command line, but in many cases it will do a forward and reverse > DNS lookup to canonicalize the hostname (although this is less > secure if you can't trust DNS, and most people can't). So in > practi

Re: Kerberos and IP aliases

2007-09-10 Thread Russ Allbery
Mark Davies <[EMAIL PROTECTED]> writes: > Russ Allbery wrote: >> In some cases the client will just use whatever hostname is given on >> the command line, but in many cases it will do a forward and reverse >> DNS lookup to canonicalize the hostname (although this is less secure >> if you can't tru

Is kfw thread safe ?

2007-09-10 Thread Markus Moeller
I have an application running on w2k3 compiled with VisualStudio 2005 Express Edition which calls gss_init_sec_context from different threads with a memory cache and I get from time to time the following if I run it under debug in VS 2005: First-chance exception at 0x77e55e02 in thread_test.exe

Re: Is kfw thread safe ?

2007-09-10 Thread Jeffrey Altman
Markus Moeller wrote: > I have an application running on w2k3 compiled with VisualStudio 2005 > Express Edition which calls gss_init_sec_context from different threads with > a memory cache and I get from time to time the following if I run it under > debug in VS 2005: Do you see the same proble

Re: Kerberos and IP aliases

2007-09-10 Thread Mark Davies
On Tue, 11 Sep 2007, Russ Allbery wrote: > I patched mod_auth_kerb a long time back to do this and thought > that patch was incorporated into the upstream source, but > apparently it wasn't. You have to patch it to not explicitly > import credentials and instead let the GSS-API library figure out