Hi folks,
I am new to using Kerberos. I am trying to set up KDC to work with PKINIT.
I barely found information how to set up the system to work with smartcards on
the Internet so I post my question here.
I read the Admin Guide up and down but found no clarification.
What did I do:
I set up a K
> Date:Thu, 03 Jun 2010 16:21:43 EDT
> To: Marcus Watts
> cc: "kerberos@mit.edu"
> From:Tom Yu
> Subject: Re: kadmin.local "ank -randkey" ignores kdc.conf's
> default_principal_f
> ***lags?
>
> Marcus Watts writes:
>
> >> Date:Thu, 03 Jun 2010 14:23:14 EDT
> >> To:
On Jun 3, 2010, at 16:16, John Merrill wrote:
>When calling com_err (AIX client 1.8.1) with error code
> -1765328189, it core dumps. The error message should be "No
> credentials cache found". I'm running the 1.8.1 Kerberos client on an
> IBM power-6, AIX 5.3. I linked with the 32-bit
When calling com_err (AIX client 1.8.1) with error code
-1765328189, it core dumps. The error message should be "No
credentials cache found". I'm running the 1.8.1 Kerberos client on an
IBM power-6, AIX 5.3. I linked with the 32-bit Kerberos client
libraries. I would like to try co
Marcus Watts writes:
>> Date:Thu, 03 Jun 2010 14:23:14 EDT
>> To: Adam Megacz
>> cc: "kerberos@mit.edu"
>> From:Greg Hudson
>> Subject: Re: kadmin.local "ank -randkey" ignores kdc.conf's
>> default_principal_f
>> ***lags?
>>
>> On Wed, 2010-06-02 at 23:43 -0400, Adam M
> Date:Thu, 03 Jun 2010 01:59:57 PDT
> To: kerberos@mit.edu
> From:Peter Waller
> Subject: Re: OpenSSH GSSAPI gives "Cannot find ticket for requested realm"
>
> Hi Simon,
...
> After some googling, I can't figure out how to get a list of valid
> enctypes to try. I tried a few enctype
> Date:Thu, 03 Jun 2010 14:23:14 EDT
> To: Adam Megacz
> cc: "kerberos@mit.edu"
> From:Greg Hudson
> Subject: Re: kadmin.local "ank -randkey" ignores kdc.conf's
> default_principal_f
> ***lags?
>
> On Wed, 2010-06-02 at 23:43 -0400, Adam Megacz wrote:
> > Related to my p
Peter Waller writes:
> Thanks for your response.
> klist -v shows:
> Ticket etype: des-cbc-md5, kvno 44
> Ticket length: 318
> If DES has been removed, I guess this could be the problem?
> After some googling, I can't figure out how to get a list of valid
> enctypes to try. I tried a few enct
On Wed, 2010-06-02 at 23:43 -0400, Adam Megacz wrote:
> Related to my previous posting, I find that even though I have
>
> default_principal_flags = +preauth
>
> in kdc.conf, when I use kadmin.local's "ank -randkey" command to create
> a service principal, the principal is created with no attri
Related to my previous posting, I find that even though I have
default_principal_flags = +preauth
in kdc.conf, when I use kadmin.local's "ank -randkey" command to create
a service principal, the principal is created with no attributes.
Principals created with "addprinc" and a password provided
Hi Simon,
On Jun 2, 6:00 pm, Simon Wilkinson wrote:
> > Karmic 9.10: OpenSSH 5.1p1-6ubuntu2, libgssapi-krb5-2
> > 1.7dfsg~beta3-1ubuntu0.6
> > Lucid 10.04: OpenSSH 5.3p1-3ubuntu3, libgssapi-krb5-2 1.8.1+dfsg-2
>
> This particular version change makes me suspect something related to DES
> ticket
On Thu, 2010-06-03 at 00:06 -0400, Richard Silverman wrote:
> Thanks for looking at it. I don't know that 1.7 is OK, though;
> the latest release I know does *not* have the problem, is 1.6.3.
I was also able to get a trunk gss-client to authenticate to a 1.6
gss-server with a 1.6 KDC, with only R
12 matches
Mail list logo