Techie writes:
> I have compiled the eyrie pam_krb5 module for my RHEL boxes. I have
> many boxes running RHEL, some running 32 bit, some running 64bit.
> My question is this.. for all my 32bit boxes running the same version
> of RHEL, can I compile or build the libraries on a single box and
> de
Hi there,
I have compiled the eyrie pam_krb5 module for my RHEL boxes. I have
many boxes running RHEL, some running 32 bit, some running 64bit.
My question is this.. for all my 32bit boxes running the same version
of RHEL, can I compile or build the libraries on a single box and
deploy to like box
I do not think that you can use netdom /verify with an external Kerberos trust,
unfortunately.
If the registry value checks out on all the Domain controllers and the client,
then it's probably elsewhere.
You could also try the "RealmFlags" value
http://technet.microsoft.com/en-us/library/cc7366
Yes, I did use the ksetup command on the Windows machine to add the MIT
KDC..
On Tue, Aug 3, 2010 at 4:08 PM, Wilper, Ross A wrote:
> For #3…
>
>
>
> Windows Kerberos libraries do not look at krb5.ini/krb5.conf to find
> external KDCs, they look in the registry
>
> HKLM/SYSTEM/CurrentControlSet
For #3...
Windows Kerberos libraries do not look at krb5.ini/krb5.conf to find external
KDCs, they look in the registry
HKLM/SYSTEM/CurrentControlSet/Control/LSA/Kerberos/Domains/
REG_MULTI_SZ KdcNames
(This registry key is populated by the Windows ksetup command)
For #5...
Yes,
Hi Ross,
Thank you very much for your prompt response. A number of things that I have
tried so far:
1) Incorrect passphrase for one of the three trust accounts
>> Will look at this
2) Enctype mismatch (by default, a new trust will only support RC4-HMAC)
>> specified the encryption ty
Many VPNs are built into routers that support stateful packet
inspection as part of the firewall. If the VPN is IPSec based, the MTU
on the vpn connection is typically 152 octets smaller than the MTU on
the networks it connects. As a result any packet that is larger than
this smaller MTU size mu
Unfortunately, there are a lot of reasons that this could fail.
1) Incorrect passphrase for one of the three trust accounts
2) Enctype mismatch (by default, a new trust will only support RC4-HMAC)
3) Client machine cannot resolve the MIT KDCs
4) Duplicate mappings on user accounts in the same AD d
Hi all,
I followed the steps for a cross-realm setup between the MIT KDC and AD
according to O'Reilly's Definitive Guide book:
- specifying KDC's using ksetup on the participating Windows machines
- creating principals krbtgt/dom...@realm and krbtgt/re...@domain in the MIT
KDC
- creating a 2 wa
Hi,
Has anyone been able to successfully generate certs using openssl as
described here:
http://mailman.mit.edu/pipermail/krbdev/2006-November/005180.html
If so would you be able to show me examples of config files and commands
that you used?
Thanks,
--
Bram Cymet
Software Developer
Canadian B
On Mon, 2010-08-02 at 01:42 -0400, Victor Sudakov wrote:
> Please tell me how on earth does the KDC know that the packet has been
> fragmented? Packets are fragmented and reassembled on the network
> level (IP level), the fragmentation process should be opaque to UDP
> and the application, shouldn'
Colleagues,
Quoting from http://support.microsoft.com/kb/244474/
By default, Kerberos uses connectionless UDP datagram packets.
Depending on a variety of factors including security identifier (SID)
history and group membership, some accounts will have larger Kerberos
authentication packet sizes. D
Hello!
I need to write a utility that will perform certain tasks on an outside
web-site (via SOAP). The utility needs to authenticate itself to the
site every time it runs with a username and password.
Different users (far from all!) ought to be able to run the utility on
our servers and they
hello all.
does someone know if the java gss kerberos implementation supports
constrained delegation or if it is planned?
thank you
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
14 matches