msktutil question

2008-01-17 Thread Michael Lysenko
Hi, I am new to this forum. So if I am writing to wrong thread please don't blame me. The question I have is following: I have msktutil which must generate keytab file for authentication against AD (active directory). Manual says: just type msktutil --create and keytab file will be

Re: msktutil question

2008-01-17 Thread Douglas E. Engert
Michael Lysenko wrote: Hi, I am new to this forum. So if I am writing to wrong thread please don't blame me. The question I have is following: I have msktutil which must generate keytab file for authentication against AD (active directory). Manual says: just type msktutil --create

Re: Possibility of not creating host principals and keytabs for Workstations

2008-01-17 Thread Douglas E. Engert
Barry King wrote: I'm looking for a way to use a combination of kerberos ldap authentication for (primarily Fedora 8) Linux workstations. My goal is to have an automated install that will allow users to authenticate to kerberos immediately after install, without the need to create host

Password History Policy Question

2008-01-17 Thread Dennis Putnam
I am trying to set a policy for users. One of our requirements is that passwords not be reused for at least 1 year (we change passwords every 30 days). The problem seems to be that the -history parameter cannot be greater than 9. Is this something I am doing wrong or is this indeed a

Kerberos SSO with SAP ERP (AIX) and SAP GUI

2008-01-17 Thread Taylor, Richard
Hi, If possible, please point me to some successful documentation where Kerberos V is used to setup Single Sign-On using Windows 2003 ADS and AIX SAP servers. We would like to be able to authenticate from our desktop via ADS and then click on a SAP system from the SAP Login Pad and achieve

RE: Kerberos SSO with SAP ERP (AIX) and SAP GUI

2008-01-17 Thread Tim Alsop
Rick, Please check http://www.cybersafe.com/d2 and also http://www.cybersafe.com/links/snc.htm Please let me know if you would like to evaluate the solution described on above websites. It is fully supported and SAP certified and available for AIX 5L. Regards, Tim -Original Message-

Kerberos - GSSAPI config problem: No such file or directory

2008-01-17 Thread Charles Hymes
Hi folks, I'm having a real hard time debugging this, and the moment I think it's a Kerberos config problem, and not really LDAP. I'm trying to do a new ldap+MIT kerberos install, on a new Fedora 7 box. I can kinit, but I can't get ldapsearch or ldapwhoami to work locally. I thought it was a read

Re: Password History Policy Question

2008-01-17 Thread John Hascall
I am trying to set a policy for users. One of our requirements is that passwords not be reused for at least 1 year (we change passwords every 30 days). The problem seems to be that the -history parameter cannot be greater than 9. Is this something I am doing wrong or is this indeed a

Re: Is SPN advertisement or well-known SPNs a security hole?

2008-01-17 Thread Simon Wilkinson
On 16 Jan 2008, at 21:32, Srinivas Kakde wrote: I think there must be equivalence between permission required create a principal on a KDC and the permission required associate the service principal name with network binding information. I think this is an interesting area of study.

Re: Is SPN advertisement or well-known SPNs a security hole?

2008-01-17 Thread Srinivas Kakde
Ok. Thank you. - Original Message From: Simon Wilkinson [EMAIL PROTECTED] To: Srinivas Kakde [EMAIL PROTECTED] Cc: kerberos@mit.edu Sent: Thursday, January 17, 2008 2:44:12 AM Subject: Re: Is SPN advertisement or well-known SPNs a security hole? On 16 Jan 2008, at 21:32, Srinivas

Kerberos - GSSAPI config problem: No such file or directory

2008-01-17 Thread Charles Hymes
Hi folks, I'm having a real hard time debugging this, and the moment I think it's a Kerberos config problem, and not really LDAP. I'm trying to do a new ldap+MIT kerberos install, on a new Fedora 7 box. I can kinit, but I can't get ldapsearch or ldapwhoami to work locally. I thought it was a read

Re: Kerberos - GSSAPI config problem: No such file or directory

2008-01-17 Thread Russ Allbery
Charles Hymes [EMAIL PROTECTED] writes: I'm having a real hard time debugging this, and the moment I think it's a Kerberos config problem, and not really LDAP. I'm trying to do a new ldap+MIT kerberos install, on a new Fedora 7 box. I can kinit, but I can't get ldapsearch or ldapwhoami to

Re: Kerberos - GSSAPI config problem: No such file or directory

2008-01-17 Thread Kevin Coffman
On Jan 17, 2008 6:51 PM, Listbox [EMAIL PROTECTED] wrote: Now I'm trying to figure out why Key version number for principal in key table is incorrect Even after I remove the keys for my principal from my keytab file, then re-add them Adding a new keytab entry bumps the key version

Re: Password History Policy Question

2008-01-17 Thread Roberto C . Sánchez
On Thu, Jan 17, 2008 at 02:54:47PM -0600, John Hascall wrote: soapbox I realize that these sorts of password rules are often externally dictated, but it's not clear to me (or many others) that they actually have a positive effect on security). /soapbox They don't. In fact, it has been

Re: Kerberos - GSSAPI config problem: No such file or directory

2008-01-17 Thread Douglas E. Engert
Charles Hymes wrote: Hi folks, I'm having a real hard time debugging this, and the moment I think it's a Kerberos config problem, and not really LDAP. I'm trying to do a new ldap+MIT kerberos install, on a new Fedora 7 box. I can kinit, but I can't get ldapsearch or ldapwhoami to work

RE: Kerberos - GSSAPI config problem: No such file or directory

2008-01-17 Thread Listbox
Thanks so much guys! THAT problem was an LDAP problem, not a Kerberos problem. In the latest version of the Fedora slapd, it runs a script /etc/sysconfig/dirsrv to get any environment variables. In that script I found: KRB5_KTNAME=/var/kerberos/krb5kdc/fdirsrv.keytab ; export KRB5_KTNAME

password expiry for a principal

2008-01-17 Thread Coy Hile
Hi all, Is there any good way to make sure that a user will be prompted to change his password the next time he authenticates as a given principal. My first attempt was via setting the needchange flag on a test principal, but then I am unable to authenticate as that principal in the first place:

Re: password expiry for a principal

2008-01-17 Thread Russ Allbery
Coy Hile [EMAIL PROTECTED] writes: Is there any good way to make sure that a user will be prompted to change his password the next time he authenticates as a given principal. My first attempt was via setting the needchange flag on a test principal, but then I am unable to authenticate as

Re: password expiry for a principal

2008-01-17 Thread Tom Yu
Russ == Russ Allbery [EMAIL PROTECTED] writes: Russ Coy Hile [EMAIL PROTECTED] writes: kadmin: modprinc +needchange cah220 Principal [EMAIL PROTECTED] modified. kadmin: quit [22:53:31]supergrover:~ % kinit cah220 kinit(v5): Password has expired while getting initial credentials