Hi,
I have AD (Active Directory) Server installed on Win2003 server
I have another win2003 server as a client
what are the steps i have to follow to enable kerberos services, on which
boxes i need to confiure
and i want to authenticate the user using JNDI and kerberose
Can you please help me
Hello All,
I am looking for a way to enable users to get access to their space through
the web browser.
I would like to integrate it with our Kerberized SSO environment as well.
I tried this module http://modauthkerb.sourceforge.net/ but I have
encounter some issues:
1) I didn't succeed in
has anyone been able to figure this out?
thanks!
Steven
Very weird, when running kadmin.local under valgrind,
it does NOT segfault. I am including the valgrind
output.
---
[EMAIL PROTECTED] ~]# valgrind kadmin.local
==9674== Memcheck, a
We received a lot of good information from the Windows Higher Ed list, but
I thought it might be valuable to get feedback from the folks who support
external KDCs as well. Are there any major gotchas that those of us
who support Kerberos or the Windows community at large should be aware
of?
The
Hi Ido,
The modauthkerb website says you need an extention for Mozilla (I'm
assuming the Mozilla Suite and Firefox) to do ticket-passing
authentication*. We have it setup for doing username and password
authentication right now and it works quite well. The configuration for a
.htaccess is a
On Feb 19, 2008, at 02:17, Sachin Punadikar wrote:
While doing code walkthrough of krb5kdc and kadmind programs,
I noticed a difference between these two in the way it sets up the
ports for listening.
krb5kdc uses ioctl calls to get the interfaces list and then on each
interface/ip-address
There is a requirement that preauth'ed service accounts (which IIS would
have) only accept preauthed tickets.
* Speedo [EMAIL PROTECTED] [2008-02-19 10:32]:
Sorry to post into 2 groups.
I have a Java application using Kerberos to talk to IIS on a Windows
domain. First I call java's kinit
On Feb 19, 10:47 am, [EMAIL PROTECTED] wrote:
Hello all,
I have a specific question coming from my activities in a prior thread
(Trouble Getting Ticket into Cache). The thread got confusing when
others attached to it with different questions. I thought a new post
was in order.
My C
Sorry to post into 2 groups.
I have a Java application using Kerberos to talk to IIS on a Windows
domain. First I call java's kinit and then use the acquired initial
TGT to connect to IIS with JGSS. When the initial ticket is pre-
authed, I can get the web content. However, if I set the user
Ido Levy [EMAIL PROTECTED] writes:
I am looking for a way to enable users to get access to their space through
the web browser.
I would like to integrate it with our Kerberized SSO environment as well.
I tried this module http://modauthkerb.sourceforge.net/ but I have
encounter some issues:
With all of the testing I've been doing, the scenario
you describe has happened. I've been testing on
multiple machines, so I'm not sure if it's happened on
all of the ones that are failing.
Steven
--- Kenneth Grady [EMAIL PROTECTED] wrote:
Have you reloaded an account from a dump? and was
Hello all,
I have a specific question coming from my activities in a prior thread
(Trouble Getting Ticket into Cache). The thread got confusing when
others attached to it with different questions. I thought a new post
was in order.
My C script is using get_in_tkt_with_password() to cache a
Hi,
no.
The centrofy client makes the unix/linux/mac computers AD aware, and kerberos
aware.
The central kdc is the Active Directory KDC, and the unix/linux/mac are exactly
as Windows AD client.
So, for example, a windows computer which use Putty can present a kerberos
ticket to a Unix
Javier Palacios ha scritto:
If you experience problems with MIT, try with heimdal. Configuration only
departs from non-ldap backend in the fact that you must supply an ldap
dbname in the database section.
OK, I'll try. Thanks for the answers
--
questo articolo e` stato inviato via web dal
sylvain cortes [EMAIL PROTECTED] wrote:
So, for example, a windows computer which use Putty can present a
kerberos ticket to a Unix machine with the Centrofy client, without
any re-authentication. And Unix to Windows, or Unix to Unix works
also in the same way.
You can do that without paying
[EMAIL PROTECTED] (hiroshi) writes:
Javier Palacios ha scritto:
If you experience problems with MIT, try with heimdal. Configuration
only departs from non-ldap backend in the fact that you must supply an
ldap dbname in the database section.
OK, I'll try. Thanks for the answers
Building the
I am using SASL/GSSAPI to authenticate to Kerberos from OpenLDAP. I
haven't gotten that to work yet.
Almost all of the docs I found presume that I am setting up the KDC on
the same server at OpenLDAP. In my case, the KDC is administered by
another group who is willing to grant me access to
Wes Modes wrote:
I am using SASL/GSSAPI to authenticate to Kerberos from OpenLDAP. I
haven't gotten that to work yet.
Are you saying you want to use SASL/GSSAPI/Kerberos between a ldap client and
and ldapserver?
Almost all of the docs I found presume that I am setting up the KDC on
the
hi - you always can do everything...it's a question about time ;-)
I did the classic way before using centrify, and it was hell to maintain:
manage the keytab, manage the ad account, manage the NTP client to have the
right ticket session, etc...
Sylvain CORTES [EMAIL PROTECTED]
From: [EMAIL
I am using SASL/GSSAPI to authenticate to Kerberos from OpenLDAP. I
haven't gotten that to work yet.
Almost all of the docs I found presume that I am setting up the KDC on
the same server at OpenLDAP. In my case, the KDC is administered by
another group who is willing to grant me access to
To clarify.
To separate and modularize some of these services, we have three
servers: A file server running Samba; A directory server running
OpenLDAP to provide personal and group identities; and an authentication
server running Kerberos (administered by another group). Samba connects
to
Wes Modes wrote:
To clarify.
To separate and modularize some of these services, we have three
servers: A file server running Samba; A directory server running
OpenLDAP to provide personal and group identities; and an authentication
server running Kerberos (administered by another group).
Jeffrey Altman wrote:
Wes Modes wrote:
To clarify.
To separate and modularize some of these services, we have three
servers: A file server running Samba; A directory server running
OpenLDAP to provide personal and group identities; and an authentication
server running Kerberos
Let me rephrase what you are attempting to do. You want to authenticate
the LDAP query from the Samba client to the OpenLDAP server by sending a
username and password from Samba to OpenLDAP over a TLS protected
connection using SASL.
Instead of the LDAP server storing the password and using
Hello All,
I am looking for a way to enable users to get access to their space through
the web browser.
I would like to integrate it with our Kerberized SSO environment as well.
I tried this module http://modauthkerb.sourceforge.net/ but I have
encounter some issues:
1) I didn't
JE == Jay Elvove [EMAIL PROTECTED] writes:
JE Last month, a colleague of mine sent a message to the Windows
JE Higher Ed list asking about possible problems authenticating
JE certain Microsoft applications to an external KDC. We're getting
JE ready to roll out our very first
Ok, this one has me a bit stumped...
We have a functioning production kerberos environment
that I'm trying to add a Solaris 11 (beta 79) client to.
The kdc in my immediate realm where the host principals
are located is a Solaris 9 host, and we have several working
Solaris 10 client machines
27 matches
Mail list logo