On Fri, 6 Mar 2009, Ken Raeburn wrote:
> On Mar 6, 2009, at 13:43, pete...@bigfoot.com wrote:
>
>> Is there any way to determine the version of kinit or klist?
>
> I'm afraid not, aside from the krb5-config option you noted.
>
> It's still in our bug database, but hasn't gotten any attention yet.
kerbie_newbie wrote:
> At least in Apache 2.0, it is extremely difficult in Apache to get two
> authentication modules to co-exist; Apache by and large considers any
> particular portion of the URL space to be protected by only one
> authentication scheme (possibly combined with IP address
> restr
Actually, since you say
>>Anyway, take into account that both fallbacks require a secure server,
>>which is not the case for credential based authentication.
you mean that I would need to have some local storage (on my Linux box) of
all user ids or some sort of synchronization with Active Direct
Thanks for the responses ... still a little confused though. In another
thread I've read
"
Anyone has an apache running with mod_auth_kerb AND mod_auth_ldap
...
At least in Apache 2.0, it is extremely difficult in Apache to get two
authentication modules to co-exist; Apache by and large conside
Hi,
I wanted to know whether there are any recommendations regarding
following scenario:
- In order to Linux daemons to be running in kerberos/Active Directory
users' context, a (krbtgt) ticket is needed and is fetched by kinit.
- But this ticket is usually valid for some time depending on user
c
On Tue, Apr 7, 2009 at 5:50 PM, Dax Kelson wrote:
> On Mon, 2009-04-06 at 11:47 -0700, kerbie_newbie wrote:
>
>> As far as I can tell, when using mod_auth_kerb and selecting kerberos as the
>> authtype it is pretty much Kerberos or nothing ... is this correct? I can
>> see no way to intercept the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2009-002
MIT krb5 Security Advisory 2009-002
Original release: 2009-04-07
Last update: 2009-04-07
Topic: ASN.1 decoder frees uninitialized pointer
[CVE-2009-0846]
ASN.1 GeneralizedTime decoder can free uninitialized pointer
CVSSv2 Vector
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2009-001
MIT krb5 Security Advisory 2009-001
Original release: 2009-04-07
Last update: 2009-04-07
Topic: multiple vulnerabilities in SPNEGO, ASN.1 decoder
[CVE-2009-0844]
SPNEGO implementation can read beyond buffer end
CVSSv2 Vector: AV
Need assistance solving this issue.
My Kerberos users can't change their password running kpasswd userid
The client users can successfully login with their accounts. They can
run kinit to acquire a token, but even though they do, they can't change
their password.
The client is configured to use PA
On Mon, 2009-04-06 at 11:47 -0700, kerbie_newbie wrote:
> As far as I can tell, when using mod_auth_kerb and selecting kerberos as the
> authtype it is pretty much Kerberos or nothing ... is this correct? I can
> see no way to intercept the failure.
This not correct. What you want are these two d
On Tue, 2009-04-07 at 14:13 +0530, Shahid M Shaikh wrote:
> Hi JDSalchow,
>
> This is with reference to your reply on kerberos mailing list
> (http://mailman.mit.edu/pipermail/kerberos/2004-December/006868.html) on
> the Samba PDC and Kerberos.
>
> I am trying to make Samba PDC in a AD (LDAP + KR
The issue with Ubuntu client it's fixed. I have added a login shell for
users instead of "/bin/false".
Thanks!
Adriana Gologaneanu wrote:
> Hi again,
>
> Thanks first for all your advices. I configured Heimdal Kerberos with
> smbk5pwd plugin, it works. I have to do more tests from java client t
Hi JDSalchow,
This is with reference to your reply on kerberos mailing list
(http://mailman.mit.edu/pipermail/kerberos/2004-December/006868.html) on
the Samba PDC and Kerberos.
I am trying to make Samba PDC in a AD (LDAP + KRB) domain.
Could you please answer few of my queries on the same issue.
Hi,
I'm pretty new to this so please excuse any confusion that creeps in ...
I'm hosting a perl based web service on a Linux/Apache box that is accessed
by Windows workstations. I have Kerberos 5 (MIT) wrapping a particular perl
cgi script and all works fine for users who have an Active Director
14 matches
Mail list logo
