Re: KDC TGS_REQ ticket expired log message has no client or server info

2011-08-08 Thread Chris Hecker
I assume you mean krb5_rd_req_decoded would set the ticket output value in cases where it decrypts and decodes successfully but doesn't validate? Yeah, and the caller would be responsible for calling krb5_free_enc_tkt_part if the ticket is non-null instead of it being called in cleanup: at

Re: how to ban clients?

2011-08-08 Thread Chris Hecker
Obviously any real refactor of kdc code is something way out of scope/expertise for me to do (I only changed the silly pass-giant-struct-by-value thing and fixed the dupe struct), but I did docs for the new profile vars and whatnot. The change is pretty trivial in terms of lines of code,

Firefox Proxy Kerberos

2011-08-08 Thread Martin Hochreiter
Hi! I just want to ask if somebody got Firefox working with Kerberos proxy authentication? We use IronPort Proxies in our company that authenticate against the Active Directory, so every Windows machine can log on to the proxy without credentials with Firefox, but I don't get Firefox

AW: Firefox Proxy Kerberos

2011-08-08 Thread Schreiber Martin
Hello, Please check the following: 1. In the browser URL line insert about:config 2. accept the warning blabla 3. then search for string nego 4. go for string: network.negotiate-auth.trusted-uris; and change it to your domain.your_domain.at Should work now Kind regards

Re: Firefox Proxy Kerberos

2011-08-08 Thread Martin Hochreiter
On 2011-08-08 13:48, Schreiber Martin wrote: Hello, Please check the following: 1. In the browser URL line insert about:config 2. accept the warning blabla 3. then search for string nego 4. go for string: network.negotiate-auth.trusted-uris; and change it to your domain

Re: max size for ap-req and ap-rep?

2011-08-08 Thread Douglas E. Engert
On 8/8/2011 12:38 AM, Greg Hudson wrote: On Sun, 2011-08-07 at 03:13 -0400, Chris Hecker wrote: Is there a max size for the AP-REQ and AP-REP packets? Even a conservative (eg. never 768 bytes) would be fine. If you are using Windows AD for the KDC, the authdata Greg refers to below

RE: Firefox Proxy Kerberos

2011-08-08 Thread Davalos, Jeff (STL-MOM)
We have also leveraged network.automatic, for single sign-on scenarios. Set network.automatic-ntlm-auth.trusted-uris value to “server1.domain.com” (double click to set) Set network.negotiate-auth.trusted-uris value to “server1.domain.com” (double click to set) -Original Message- From:

Re: Firefox Proxy Kerberos

2011-08-08 Thread Martin Hochreiter
On 2011-08-08 15:46, Davalos, Jeff (STL-MOM) wrote: We have also leveraged network.automatic, for single sign-on scenarios. Set network.automatic-ntlm-auth.trusted-uris value to “server1.domain.com” (double click to set) Set network.negotiate-auth.trusted-uris value to “server1.domain.com”

RE: Firefox Proxy Kerberos

2011-08-08 Thread Davalos, Jeff (STL-MOM)
Depending on your needs, NTLM can provide a single sign-on configuration. If Kerberos is your preference, due to security, then a Firefox browser configuration cannot provide that, as you said. -Original Message- From: Martin Hochreiter [mailto:linux...@wavenet.at] Sent: Monday,

Re: how to ban clients?

2011-08-08 Thread Greg Hudson
On Mon, 2011-08-08 at 04:09 -0400, Chris Hecker wrote: I'm not sure of the best way to write an automated test for this. Is there an example of a complex test like this in the source tree? We have a test framework in util/k5test.py which takes care of the heavy lifting. You can find

Performance issues with krb5-1.9.1

2011-08-08 Thread Jonathan Reams
We recently upgraded our primary KDC from 1.8.3 to 1.9.1, and within a few hours, performance was so bad that we had to roll back. We're running a plain vanilla instance of kerberos, supporting a variety of clients (versions spanning 1.4-1.8). From the perspective of the KDC, there wasn't any

Re: Performance issues with krb5-1.9.1

2011-08-08 Thread Greg Hudson
On Mon, 2011-08-08 at 11:22 -0400, Jonathan Reams wrote: I did some performance testing on our test KDC and was able to reproduce the performance issue with 1.9.1. I found a regression which would affect these tests, but I'm not sure it accounts for your global performance issues. The KDC in