i'm attempting to load opensuse's mit-kerberos schema
(/usr/share/doc/packages/krb5/kerberos.schema) into an openDS -- not
openLDAP -- server.
currently, it's 'having issues' @ load ...
who actually 'owns' the creation/maintenance of that file? novell?
openDS project? this project?
it appears
I have 4 - Mac 10.4 (tiger) systems that stopped accepting gssapi-keyex
authentication via ssh. Running sshd in debug mode shows:
No principal in keytab matches desired name
/etc/krb5.keytab is correct and contains only one principal (2 encryption
types) which corresponds to the canonical n
On May 21, 2009, at 13:25, Ravi Channavajhala wrote:
> I maintain a rather large site, where there are more than a dozen KDCs
> across different locations. Recently, I configured Windows 2003-R2/AD
> as the central source of authentication for lot of Linux and Unix
> servers. The issue I'm facing
I recently tried to update our MIT krb5-1.5.4 install with the patches for
the last two security advisories.
The 2009-001-patch.txt & 2009-002-patch.txt patches apply cleanly against
the krb5-1.5.4 source & compile, but fail for 'make test'. The errors
appear to be coming from 'tests/asn.1' & c
On Thu, May 21, 2009 at 8:13 PM, Ken Raeburn wrote:
>> Why does every kerberos call need to lookup every kdc in the config
>> file, and not just the server which is going to be queried, and is
>> this configurable?
>
> It's not going to only talk to one of them; it'll go through the list
> repeat
On Thu, May 21, 2009 at 10:43 AM, Ken Raeburn wrote:
>
> This is probably a result of specifying KDC names in krb5.conf without the
> trailing ".", the standard notation for indicating a fully-qualified name.
> If the trailing dot isn't included, typically the DNS library software will
> follow t
On May 21, 2009, at 08:50, Tadoori (EXT), Vilas wrote:
> Dear All,
>
> I have downloaded the following version
>
> krb5-1.6.3-signed.tar from the consortium and was able to
> configure , make and install as per the install guide provided as
> per the steps below
>
> ./configure
> make
> make i
You could run it with strace, and see which files it's trying to open:
$ strace /usr/loca/sbin/kadmind
If you shell happens to be bash and you want to get fancy, you can
filter the output like so:
$ strace /usr/local/sbin/kadmin 2>&1 | egrep 'stat|open' | less
Picking through the output
On Thu, May 21, 2009 at 7:41 PM, james bardin wrote:
> Hello,
>
> I've seen this mentioned in a couple of posts in the archives, but I
> didn't see any consensus as to whether this is correct, or
> correctable.
>
> Basically, every kerberos call on a linux machine results in multiple
> dns lookups
On May 21, 2009, at 10:11, james bardin wrote:
> Doing a kinit on my box, just ran 73 dns queries! If there's a problem
> effecting dns, this severely impacts some systems. Also, a large bulk
> of these are queries, with the domain name appended twice. The
> first query is sent with the t
Hello,
I've seen this mentioned in a couple of posts in the archives, but I
didn't see any consensus as to whether this is correct, or
correctable.
Basically, every kerberos call on a linux machine results in multiple
dns lookups for each server in krb5.conf.
Doing a kinit on my box, just ran 73
Dear All,
I have downloaded the following version
krb5-1.6.3-signed.tar from the consortium and was able to configure , make and
install as per the install guide provided as per the steps below
./configure
make
make install
It installed fine, when I went to the /usr/local/sbin and started t
12 matches
Mail list logo