On 9/30/2010 7:45 PM, Jean-Yves Avenard wrote:
> Hi
>
> On 1 October 2010 09:39, Jeffrey Altman wrote:
>
>> You should not have to build KFW from scratch to build applications.
>> The KFW SDK is included in the KFW installers.
>> You want to build against that, not the source tree.
>
> I agree.
>
Hi
On 1 October 2010 09:39, Jeffrey Altman wrote:
> You should not have to build KFW from scratch to build applications.
> The KFW SDK is included in the KFW installers.
> You want to build against that, not the source tree.
I agree.
However, the author of TortoiseSVN wants to only build again
On 9/30/2010 7:34 PM, Jean-Yves Avenard wrote:
> Hi
>
> On 30 September 2010 23:19, Jeffrey Altman
> wrote:
>> Jean-Yves:
>>
>> I would recommend that you take a look at
>>
>> http://github.com/secure-endpoints/heimdal-krbcompat
>>
>> This SDK provides implementation independence for applicati
Hi
On 30 September 2010 23:19, Jeffrey Altman wrote:
> Jean-Yves:
>
> I would recommend that you take a look at
>
> http://github.com/secure-endpoints/heimdal-krbcompat
>
> This SDK provides implementation independence for applications with both
> Heimdal and MIT Kerberos.
>
> If you don't want
Hi Kevin,
One more thing I just thought of.
Check the value for sscope (Search Scope). It should be in your
Kerberos Realm Container as krbSearchScope. If this is set to 1 it will
not search your subtrees.
From the krb5_ldap_util man page:
-sscope search_scope
Specifies the sco
Hi Kevin
This should "just work". kadmin and kadmin.local will list all the
principals found in any subtrees that are found in the Kerberos Realm
Container.
You should be able to see your subtrees in the LDAP tree under the realm
container using any LDAP browser.
In my test tree my Kerbero
Hi,
I tried to find this in the documentation so if someone could point me in the
right direction, I would appreciate it. I am trying to list all the kerberos
principals created with a LDAP back end that are not in the realm container.
Using kadmin list_principals only shows what is in the r
On Thu, 2010-09-30 at 07:16 -0400, Brian Candler wrote:
> Now, in the administrator's guide on the web at [...]
> [realms]
> ATHENA.MIT.EDU = {
> auth_to_local = {
> RULE:[2:$1](johndoe)s/^.*$/guest/
> RULE:[2:$1;$2](^.*;admin$)s/;admin$//
> RULE:[2:
On Thu, Sep 30, 2010 at 09:14:32AM -0400, Greg Hudson wrote:
> That's just wrong; I've fixed it for the 1.9 admin docs. Thanks for
> reporting this, and apologies for the time it took to figure it out.
That's OK, I learned a lot in the process :-)
Regards,
Brian.
___
On 30.09.2010 11:43, Russ Allbery wrote:
> Nikolay Shopik writes:
>> On 30.09.2010 1:23, Russ Allbery wrote:
>
>>> In practice, you need to add HTTP/* principals for both names to the
>>> Apache keytab if they differ, and then configure mod_auth_kerb to
>>> accept any credential that's available i
Hi,
I wanted to know if there is a way I can stub out in the code so I do not check
the domain controller/realm’s server certificate when using smartcards thru
pkinit plugin (via PAM/pamkrb) and MIT Kerberos 1.8.3?
My problem is the DC is an MS box that I have no control over and has a
tende
On Thu, 2010-09-30 at 10:24 -0400, Brian Candler wrote:
> Ideally I would have generated a random password on one box (e.g.
> addprinc -randkey) and then copied it to the other, and I wondered if there
> is a straightforward way to do this.
I'm not personally aware of a straightforward way to do t
I have cross-realm authentication working, and one step of this required me
to do the following on both KDCs:
# kadmin.local
addprinc krbtgt/bar.example@foo.example.com
and then type the same (long and random) password into both boxes.
Ideally I would have generated a random password on on
Jean-Yves:
I would recommend that you take a look at
http://github.com/secure-endpoints/heimdal-krbcompat
This SDK provides implementation independence for applications with both
Heimdal and MIT Kerberos.
If you don't want to go this route what you need to do is to use delay
loading of the G
I have been trying out Kerberos under CentOS 5.5, which claims to include
MIT kerberos version 1.6.1:
# rpm -qi krb5-server
Name: krb5-server Relocations: (not relocatable)
Version : 1.6.1 Vendor: CentOS
...
URL : http://web.mit.edu/
Hi
Still related to Kerberos for Windows , but from a development perspective..
I am working on adding GSSAPI support on TortoiseSVN ; this is done by
compiling sasl and neon with GSSAPI support.
This is itself was rather simple using the Kerberos for Windows SDK ;
however for various reasons, I
Nikolay Shopik writes:
> On 30.09.2010 1:23, Russ Allbery wrote:
>> In practice, you need to add HTTP/* principals for both names to the
>> Apache keytab if they differ, and then configure mod_auth_kerb to
>> accept any credential that's available in the keytab. Last time we did
>> testing, Fire
On 30.09.2010 1:23, Russ Allbery wrote:
> In practice, you need to add HTTP/* principals for both names to the
> Apache keytab if they differ, and then configure mod_auth_kerb to accept
> any credential that's available in the keytab. Last time we did testing,
> Firefox did one thing and IE did th
18 matches
Mail list logo