On Mar 18, 8:39 pm, "Michael B Allen" <[EMAIL PROTECTED]> wrote:
> That problem doesn't really have anything to do with SPNEGO. The SSPI
> layer knows nothing about interactive logons. The problem is that some
> application has acquired and inserted an NTLM credential into the
> credential cache so
On Wed, Mar 19, 2008 at 02:52:41AM +, Victor Sudakov wrote:
> In comp.mail.sendmail Victor Sudakov <[EMAIL PROTECTED]> wrote:
>
> > Now how do I enable GSSAPI authentication for local users? What should
> > I put into the /etc/mail/authinfo file so that each local user who has
> > a Kerberos t
In comp.mail.sendmail Victor Sudakov <[EMAIL PROTECTED]> wrote:
> Now how do I enable GSSAPI authentication for local users? What should
> I put into the /etc/mail/authinfo file so that each local user who has
> a Kerberos ticket could authenticate herself to the mailhub?
> The users send mail fr
On 3/18/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Note that accepting raw tokens is not terribly hard considering SPNEGO
> > is largely a wrapper for the raw tokens.
>
> In our situation the Microsoft SSPI has decided that since there are
> NTLM
> credentials available due to an in
On Mar 18, 2008 at 2:15 PM, Todd Stecher wrote:
> I'm guessing that your workflow / product / code requires Kerberos
Yes.
> and you're trying to figure out how to get SPNEGO wrapped kerberos
> tokens all of the time?
That would be nice, though as you mention there are many things that
get in the
On Mar 18, 3:15 pm, "Michael B Allen" <[EMAIL PROTECTED]> wrote:
> I would hope that they do NOT change the existing behavior. I consider
> accepting "raw" NTLM and Kerberos tokens to be a feature.
I have no problems with them * accepting * "raw" NTLM and Kerberos
tokens.
I am merely talking about
On 3/18/08, Todd Stecher <[EMAIL PROTECTED]> wrote:
> My reading of the RFC is that it is truly "informational," describing
> how clients and servers use SPNEGO + HTTP, but not specifying every
> possible HTTP auth scheme. Chances are the answer you got about raw
> NTLM being "OK" was passed t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2008-002
MIT krb5 Security Advisory 2008-002
Original release: 2008-03-18
Last update: 2008-03-18
Topic: array overrun in RPC library used by kadmind
CVE-2008-0947, CVE-2008-0948
VU#374121
Use of high-numbered file descriptors in the RPC
I'm guessing that your workflow / product / code requires Kerberos (in
the absence of a good open source NTLM story), and you're trying to
figure out how to get SPNEGO wrapped kerberos tokens all of the time?
Its also extremely difficult to *always* get kerberos authentication
(wrapped or u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2008-001
MIT krb5 Security Advisory 2008-001
Original release: 2008-03-18
Last update: 2008-03-18
Topic: double-free, uninitialized data vulnerabilities in krb5kdc
CVE-2008-0062
VU#895609
Use of a null or dangling pointer in the MIT Kerbe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2008-002
MIT krb5 Security Advisory 2008-002
Original release: 2008-03-18
Last update: 2008-03-18
Topic: array overrun in RPC library used by kadmind
CVE-2008-0947, CVE-2008-0948
VU#374121
Use of high-numbered file descriptors in the RPC
On 3/18/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Mar 18, 12:59 am, "Michael B Allen" <[EMAIL PROTECTED]> wrote:
> > If the HTTP server returns "WWW-Authenticate: NTLM" then the client
> > must use NTLMSSP tokens. If it returns "WWW-Authenticate: Negotiate"
> > then the tokens must b
Hii Ken,
Thanks for your reply.I have configured kerberos again with TCL support
as:
$ ./configure --with-tls=/usr --without-kerberos
There were no errors in this step again.
Now a new error was occured in "make" step:
$ make
The output of this command(Partial) is:
tcl_ovsec_kadm.c:1292: err
Hii Ken,
Thanks for your reply.I have configured kerberos again with TCL support
as:
$ ./configure --with-tls=/usr --without-kerberos
There were no errors in this step again.
Now a new error was occured in "make" step:
$ make
The output of this command(Partial) is:
tcl_ovsec_kadm.c:1292: err
Hii Ken,
Thanks for your reply.I have configured kerberos again with TCL support
as:
$ ./configure --with-tls=/usr --without-kerberos
There were no errors in this step again.
Now a new error was occured in "make" step:
$ make
The output of this command(Partial) is:
tcl_ovsec_kadm.c:1292: err
Hello kevin,
Sorry for confusing you from the begininng.
I am using a linux environment in which has kerberos 1.2.7. This machine was
requesting for ticket from KDC(windows ) in another domain.
Thats where i encountered Error Code 52. Everyone including you suggested me
to upgrade to newer versi
On Mar 18, 12:59 am, "Michael B Allen" <[EMAIL PROTECTED]> wrote:
> If the HTTP server returns "WWW-Authenticate: NTLM" then the client
> must use NTLMSSP tokens. If it returns "WWW-Authenticate: Negotiate"
> then the tokens must be SPNEGO. If it returns both, then the client
> can pick.
Yep ... t
17 matches
Mail list logo