Help: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (Unknown code krb5 230

2009-02-03 Thread Omair Sajid
I have been trying to set up kerberos client on RedHat machine with Apache mod_auth_kerb. I have tested kerberos client configuration using kinit, klist etc. and it's working and the Linux machine is getting tickets. But the problem is when I try to access the resource page from Windows (domain

Re: Help: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (Unknown code krb5 230

2009-02-03 Thread Omair Sajid
Detailed error message from apache error log, we are on red hat enterprise 5 [Tue Feb 03 10:41:21 2009] [debug] src/mod_auth_kerb.c(1432): [client *.*.*.*] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Tue Feb 03 10:41:21 2009] [debug] src/mod_auth_kerb.c(1432): [client

Re: Help: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (Unknown code krb5 230

2009-02-03 Thread Ken Raeburn
On Feb 3, 2009, at 11:15, Omair Sajid wrote: Detailed error message from apache error log, we are on red hat enterprise 5 [Tue Feb 03 10:41:21 2009] [debug] src/mod_auth_kerb.c(1432): [client *.*.*.*] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Tue Feb 03

Re: Help: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (Unknown code krb5 230

2009-02-03 Thread Omair Sajid
Hi Ken, I have asked the domain admin to give me details on how the key was generated, will let you know once I have full details. Also can you point me to the krb5 error table from where you got the mapping for Error 230. Because when I google it I get something different. Also if there is some

Prob: failed to verify krb5 credentials: Server not found in Kerb

2009-02-03 Thread slainde...@kabelmail.de
Hey guys, I am short before despairing :( Maybe someone has time and likes to help me? :) I am trying to set up kerberos to authenticate a TWiki running on Unix against a Windows Server 2003 Active Directory... I configured the krb5.conf like this: [logging] ... [libdefaults]

Re: How to disable replay cache in a kerberized client-server app ?

2009-02-03 Thread Ken Raeburn
On Feb 3, 2009, at 14:48, matthieu wrote: I'm currently writing a kerberized daemon and would like to disable replay cache. I'm using krb5-1.6.1 (RedHat 5.2). I did not find any relevant function in the API. I finally find the krb5_rc_resolve_full function in the krb5 source code and use it

are referrals implemented in the MIT Kerberos KDC?

2009-02-03 Thread Peter Djalaliev
Hello, I saw some messages on this mailing from 2005 and last year on this topic, but I wanted to check what the current status of this is. Does the MIT Kerberos KDC currently implement client or server referrals, as per Internet draft

RE: Prob: failed to verify krb5 credentials: Server not found in Kerb

2009-02-03 Thread Paul Moore
is there an AD account with that SPN? HTTP/wiki.test.lan:8...@srv.test.lan -Original Message- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of slainde...@kabelmail.de Sent: Tuesday, February 03, 2009 6:28 AM To: kerberos@mit.edu Subject: Prob: failed to verify

How to disable replay cache in a kerberized client-server app ?

2009-02-03 Thread matthieu
Hi, I'm currently writing a kerberized daemon and would like to disable replay cache. I'm using krb5-1.6.1 (RedHat 5.2). I did not find any relevant function in the API. I finally find the krb5_rc_resolve_full function in the krb5 source code and use it for now with a replay cache file name like

Re: Prob: failed to verify krb5 credentials: Server not found in Kerb

2009-02-03 Thread Douglas E. Engert
Paul Moore wrote: is there an AD account with that SPN? HTTP/wiki.test.lan:8...@srv.test.lan The port number :8080 is usually not part of the principal name. So the browser may be looking for HTTP/wiki.test@srv.test.lan -Original Message- From: kerberos-boun...@mit.edu

RE: Prob: failed to verify krb5 credentials: Server not found in Kerb

2009-02-03 Thread Paul Moore
For sure the port number should not be in the SPN. I didn't even notice that. I was wondering if there is any principal at all -Original Message- From: Douglas E. Engert [mailto:deeng...@anl.gov] Sent: Tuesday, February 03, 2009 2:13 PM To: Paul Moore Cc: slainde...@kabelmail.de;

Re: Prob: failed to verify krb5 credentials: Server not found in

2009-02-03 Thread Douglas E. Engert
slainde...@kabelmail.de wrote: First of all, thanks for your answers and interest. I already tried it without the port, because I realized, shortly after I sent my first mail, that the port is really not part of the name. So I recreated the keytab file with

Re: Prob: failed to verify krb5 credentials: Server not found in

2009-02-03 Thread Douglas E. Engert
Two more things: Who owns /etc/http.keytab? Apache needs access to the file. Does hostname on the unix system show the FQDN: wiki.test.lan? slainde...@kabelmail.de wrote: First of all, thanks for your answers and interest. I already tried it without the port, because I realized, shortly

New whitepaper on Kerberos-on-the-Web

2009-02-03 Thread Thomas Hardjono
MIT-KC publishes new whitepaper on Kerberos-on-the-Web. One of the major goals of the MIT-KC is to establish Kerberos as a ubiquitous authentication mechanism on the Internet and also to make Kerberos appropriate for new environments. One of the key efforts within the MIT-KC directed at this

Re: Prob: failed to verify krb5 credentials: Server not found in

2009-02-03 Thread slainde...@kabelmail.de
First of all, thanks for your answers and interest. I already tried it without the port, because I realized, shortly after I sent my first mail, that the port is really not part of the name. So I recreated the keytab file with HTTP/wiki.test@srv.test.lan. Kinit still works, but the Server not

question about MIT Kerberos KDC processing PROXY KDC requests

2009-02-03 Thread Peter Djalaliev
Hello, I understand that proxiable/proxy tickets are rarely used and the corresponding code in the MIT Kerberos implementation is not very well tested. However, I found two possibly buggy places in the KDC code, so I think this is worth asking about. I used the MIT Kerberos distribution and was

Re: How to disable replay cache in a kerberized client-server app ?

2009-02-03 Thread Matthieu Hautreux
On 3 Feb, 22:16, Ken Raeburn raeb...@mit.edu wrote: On Feb 3, 2009, at 14:48, matthieu wrote: I'm currently writing a kerberized daemon and would like to disable replay cache. I'm using krb5-1.6.1 (RedHat 5.2). I did not find any relevant function in the API. I finally find the