Hi there
On 17 September 2010 13:05, Jean-Yves Avenard jyaven...@gmail.com wrote:
goes on forever, and in the logs I have thousands of
[Fri Sep 17 12:59:45 2010] [info] Subsequent (No.76) HTTPS request
received for child 1 (server svn.domain.com:443)
[Fri Sep 17 12:59:45 2010] [debug]
Hi there.
I have tried to configure a Windows 7 machine to use our kerberos
realm. The KDC is MIT krb5 1.7.1.
When I try to login using my kerberos principal ; I get an error that
there are no logon server available.
In the Windows 7 logs, I see the error:
The digitally signed Privilege
Jean-Yves Avenard jyaven...@gmail.com wrote:
Am I to understand that it is not currently possible to authenticate
on a windows machine using a MIT kerberos KDC ? It would be a good
windows domain replacement
I sort-of have this working, although this is probably different than your
setup.
Jean-Yves Avenard jyaven...@gmail.com wrote:
I have now identified the cause of the issue.
When using mod_auth_kerb with MIT krb5 v1.6.x it works perfectly
with krb5 1.7 and 1.7.1 same.
However, I get this GSS-API major_status:000d,
minor_status:000186a3 error whenever I use MIT 1.8.x
You must have the external (MIT) principal mapped to a Windows user for logon
to succeed.
This can be done with an Active Directory/Cross-realm trust by using the
AltSecurityIdentities property on AD users. For a machine in a Workgroup, this
can be done by using ksetup /mapuser
Windows
On 22 September 2010 05:28, Christopher D. Clausen cclau...@acm.org wrote:
I'm guessing you need to enable single DES encryption types on the KDCs, the
web server and the clients.
You should look into the allow_weak_crypto = true in the [libdefaults]
section of krb5.conf
Will surely try.
Please ignore, I thought you were referring to another post of mine.
Definitely not the issue between krb5 1.7.1 and 1.8.3
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
I've never personally attached a Windows box directly to an MIT realm, only
read the instructions.
If you have created the principal for the Windows machine and set the password
in the Windows machine, then mapped the user's principal to a local account,
then you are past what I have done for