On Tue, Jul 29, 2008 at 05:03:23PM -0700, Russ Allbery wrote:
> We solved the problems we ran into by making sure that we had domain_realm
> mappings on the client, since otherwise ksu stopped working. I think ksu
> has now been fixed in Subversion, though.
We'll solve this problem in a similar w
Jos Backus <[EMAIL PROTECTED]> writes:
> On Tue, Jul 29, 2008 at 12:26:17PM -0700, Russ Allbery wrote:
>> I believe this was to support server-side referrals. The idea is that
>> the client will ask the server for a principal with an empty realm and
>> the server will figure out the realm.
> *no
On Tue, Jul 29, 2008 at 12:26:17PM -0700, Russ Allbery wrote:
> I believe this was to support server-side referrals. The idea is that the
> client will ask the server for a principal with an empty realm and the
> server will figure out the realm.
*nod* As it stands, without a matching domain_rea
Jos Backus <[EMAIL PROTECTED]> writes:
> In Kerberos 1.5, krb5_sname_to_principal calls krb5_get_host_realm which
> (when KRB5_DNS_LOOKUP is defined) causes DNS to be queried for a
> _kerberos.FQDN TXT RR when no applicable domain_realm entry is found and
> dns_lookup_realm is set.
>
> In 1.6 the
On 2008-07-29, bodik <[EMAIL PROTECTED]> wrote:
> * sshd_config
> KerberosAuthentication yes
> KerberosOrLocalPasswd yes
> KerberosTicketCleanup yes
that's for Kerberos 4; for version 5 you need:
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
Cheers,
--Seb
__
In Kerberos 1.5, krb5_sname_to_principal calls krb5_get_host_realm which (when
KRB5_DNS_LOOKUP is defined) causes DNS to be queried for a _kerberos.FQDN TXT
RR when no applicable domain_realm entry is found and dns_lookup_realm is set.
In 1.6 the KRB5_DNS_LOOKUP ifdef'ed code was removed. This me
Hello,
I am attempting to setup Linux(Redhat) to use Kerberos authentication
via Active Directory.
I have configured my /etc/krb5.conf with the appropriate REALM and KDC
entries.
I am able to kinit and receive a krb5 ticket.
Also I have joined the box to the Active directory domain using Samba
hi,
I think, that you also need:
* krb5.conf
a proper configuration for your realm
* sshd_config
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
* ssh_config
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
* pam.d/ssh
pam_krb5.so
* krb5.keytab
service k
Hi,
On 29/07/2008, at 6:43 PM, Abhishek Chowdhury wrote:
>
> I want to configure passwordless ssh after successful kinit.
>
> for that I have to change configurations in etc/ssh_config:
>
>
> GSSAPIAuthentication yes
> GSSAPIDelegateCredentials yes
>
> but we dont have these options in ssh_config
On Jul 29, 2008, at 08:49, Abhishek Chowdhury wrote:
> Now in the realm AMIT.ABHI.COM I have around 400 entries(servics).If
> I go
> through the method above then I have to enter the 400 entries
> separately for
> the services in AMIT.ABHI.COM. Also I cannot write abhi.com =
> AMIT.ABHI.COM
>
On Tue, Jul 29, 2008 at 9:49 AM, Abhishek Chowdhury
<[EMAIL PROTECTED]> wrote:
>
> I am using kerberos v5 version
> Following is the domain realm section of my kerberos configuration file
>
> [domain_realm]
> abhi.com = AS.ABHI.COM
>.abhi.com = AS.ABHI.COM
>
> abhi-amit.abhi.
I want to configure passwordless ssh after successful kinit.
for that I have to change configurations in etc/ssh_config:
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
but we dont have these options in ssh_config file?
any pointers in this regard?
--
View this message in context:
ht
I am using kerberos v5 version
Following is the domain realm section of my kerberos configuration file
[domain_realm]
abhi.com = AS.ABHI.COM
.abhi.com = AS.ABHI.COM
abhi-amit.abhi.com = AMIT.ABHI.COM
as.abhi.com = AMIT.ABHI.COM
Now in the realm AMIT.ABH
13 matches
Mail list logo