file-based credentials vs memory-based credentials

2010-01-20 Thread Guillaume Rousse
Hello. I sometimes hear that Kerberos 5 security is lowered by the use of file-based credentials, whereas Kerberos 4 was using shared memory instead, making it much more difficult for an admin (for instance) to retrieve a valid user ticket. I know an admin user can scan the memory for a user tick

Re: find inactive accounts

2010-01-20 Thread John Hascall
> For PCI reasons I have to report all accounts which have been inactive
> (i.e. no logins) for three months. The goal here is to automate the
> process...

[...grubbing through logs...]

What I would do is:
1) make sure my KDCs were configured "--with-kdc-kdb-update" when built
2) mak

Re: file-based credentials vs memory-based credentials

2010-01-20 Thread Ken Raeburn
On Jan 20, 2010, at 07:35, Guillaume Rousse wrote:
> I sometimes hear that Kerberos 5 security is lowered by the use of
> file-based credentials, whereas Kerberos 4 was using shared memory instead,
> making it much more difficult for an admin (for instance) to retrieve a
> valid user ticket.

Depe

Re: find inactive accounts

2010-01-20 Thread Ken Raeburn
On Jan 20, 2010, at 08:47, John Hascall wrote:
> What I would do is:
> 1) make sure my KDCs were configured "--with-kdc-kdb-update" when built

Last I looked, this information still gets stored locally on each KDC, and is overwritten when the master->slave propagation happens. So a succ

Re: find inactive accounts

2010-01-20 Thread John Hascall
> On Jan 20, 2010, at 08:47, John Hascall wrote:
> > What I would do is:
> > 1) make sure my KDCs were configured "--with-kdc-kdb-update" when built
>
> Last I looked, this information still gets stored locally on each KDC,
> and is overwritten when the master->slave propagation happen

Re: find inactive accounts

2010-01-20 Thread Ken Raeburn
On Jan 20, 2010, at 09:15, John Hascall wrote:
> Ah yes, I'd forgotten that.
> so:
> 1a) I would use an incremental propagation technique.

The current iprop mechanism relies on full propagation in cases where the slave has gotten too far behind. It's automatic, too, so both modes ne

Re: Windows event id 4 (kerberos)

2010-01-20 Thread Christopher D. Clausen
The error list in netstat (as well as in the other email that you sent) seems reasonable for a machine that has been up for a period of time. Setspn output looks reasonable as well. Have you tried just un-joining and re-joining the computer account in question to the domain? This usually fixes

telnet and rlogin error

2010-01-20 Thread vinay kumar
Hi, I have configured the KDC, application server and client as given in the manual and I have created principal vi...@global.com, but when I run rlogin and telnet I am getting the following error. 1. When I run rlogin I am getting the following error (Uncommented rlogind in /etc/inetd.conf on

Couldn't authenticate to server

2010-01-20 Thread vinay kumar
Hi, when I tried to rlogin I am getting the following error:

  bash-3.1# rlogin 172.16.10.211.global.com
  Couldn't authenticate to server: Bad sendauth version was sent
  trying normal rlogin (/usr/bin/rlogin)

/etc/inetd.conf is as follows (commented lines not shown):

  time

Re: Windows event id 4 (kerberos)

2010-01-20 Thread raj esh L
Sorry, I put the wrong server details of netstat -s. Please find the correct one now.

C:\>netstat -s

IPv4 Statistics

  Packets Received                   = 207484084
  Received Header Errors             = 0
  Received Address Errors            = 4204
  Datagrams Forwarded                = 0
  Unknown P

Windows event id 4 (kerberos)

2010-01-20 Thread raj esh L
No Samba and no non-Windows. All are Windows servers.

U:\>setspn -l SLH-001155
Registered ServicePrincipalNames for CN=SLH-001155,OU=Laptops,OU=SLH,OU=GBR,OU=EUR,DC=dir,DC=ucb-group,DC=com:
    HOST/SLH-001155
    HOST/SLH-001155.dir.ucb-group.com

U:\>setspn -l BRAPRINT001
Registered ServicePrin

Re: Windows event id 4 (kerberos)

2010-01-20 Thread raj esh L
Thanks for your response. I have not tried to un-join & join. I can try this option as a last effort. If I need to un-join, which machine do I need to do it on? Is it BRAPRINT001? Time zones are correct on all servers. I queried all the DCs' event logs for event ID 11 through eventcombat.exe but none of th

Re: Windows event id 4 (kerberos)

2010-01-20 Thread Christopher D. Clausen
I have no other suggestions. I'd say to try re-joining all three computers, one at a time, and see if the errors go away. The error basically means that the Kerberos "stuff" sent across the network could not be used by the client computer. Again, this is usually due to two computer accounts w

Re: telnet and rlogin error

2010-01-20 Thread Russ Allbery
vinay kumar writes:
> I have configured the KDC, application server and client as given in the
> manual and I have created principal vi...@global.com,
> but when I run rlogin and telnet I am getting the following error.
> 1. When I run rlogin I am getting the following error (Uncommented rlog

Re: Windows event id 4 (kerberos)

2010-01-20 Thread Douglas E. Engert
raj esh L wrote:
> We have observed Kerberos event id 4 on one member server (Print server)
> BRAPRINT001 (10.1.37.167). Please find the description below about the event
> id. Can someone please help me on it?
>
> Event Type: Error
> Event Source: Kerberos
> Event Catego

Re: Windows event id 4 (kerberos)

2010-01-20 Thread raj esh L
Hi, thanks for your response. I found many people faced these sorts of problems on DCs and it was suggested to check for SPN duplications. I verified those and could not find any issues with it. But we are facing it on a member server which acts as a print server. I verified this article and it is more related to II

Re: Windows event id 4 (kerberos)

2010-01-20 Thread raj esh L
Re-joining all 3 computers is a bit difficult. We get 3 to 4 more events per day and BRAPRINT001 is always common, but the other two computer names change. If I try to do it that way I would have to un-join many computers. The other two computers are always WinXP. I think if we understand the descr

Re: Couldn't authenticate to server

2010-01-20 Thread Ken Raeburn
On Jan 20, 2010, at 10:34, vinay kumar wrote:
> bash-3.1# rlogin 172.16.10.211.global.com
> Couldn't authenticate to server: Bad sendauth version was sent
> trying normal rlogin (/usr/bin/rlogin)
>
> /etc/inetd.conf is as follows (commented lines not shown):

The version you sent has

ANNOUNCEMENT: KCA Provider 2.3 for Network Identity Manager (aka kx509)

2010-01-20 Thread Jeffrey Altman
Secure Endpoints Inc. is proud to announce the availability of the Kerberized Certificate Authority Provider (aka kx509) version 2.3 for Network Identity Manager. The KCA provider enables Network Identity Manager to obtain one or more X.509 certificates for each configured identity from Kerberos r