On Mon, May 20, 2013 at 5:20 AM, Vipul Mehta wrote:
> One more question, what is the exact use of context delegation flag if it
> doesn't need to be same on initiator and acceptor side.
The initiator gets to ask for credential delegation.
The acceptor gets to receive delegated credentials.
The
One more question, what is the exact use of context delegation flag if it
doesn't need to be same on initiator and acceptor side.
On Fri, May 17, 2013 at 9:54 PM, Vipul Mehta wrote:
> On Fri, May 17, 2013 at 8:31 PM, Greg Hudson wrote:
>
>> The GSSAPI doesn't distinguish between different kinds
On Sun, May 19, 2013 at 9:44 AM, Bernardo Pastorelli
wrote:
> I run on an OS where the available version of the cyrus-sasl library does
> not support SASL_GSS_CREDS.
> So openldap has LDAP_OPT_X_SASL_GSS_CREDS, but then when calling cyrus-sasl,
> it fails because it is not able to handle SASL_GSS_
Tiago Elvas writes:
> I am not sure I fully understand your indications so I paste the contents
> of the files:
> /etc/pam.d/vsftpd
>> #%PAM-1.0
>> sessionoptional pam_keyinit.soforce revoke
>> auth required pam_listfile.so item=user sense=deny
>> file=/etc/vsftpd/ftpusers
I am not sure I fully understand your indications so I paste the contents
of the files:
/etc/pam.d/vsftpd
> #%PAM-1.0
> sessionoptional pam_keyinit.soforce revoke
> auth required pam_listfile.so item=user sense=deny
> file=/etc/vsftpd/ftpusers onerr=succeed
> auth requi
Tiago Elvas writes:
> As for the SSH, could you tell me how to accomplish that? In my initial
> attempts I believe I tried to set ccache name and dir but without
> success.
Which Kerberos PAM module are you using?
> The ftp server is vsftpd. Does this help?
vsftpd's source appears to do the ri
As for the SSH, could you tell me how to accomplish that? In my initial
attempts I believe I tried to set ccache name and dir but without success.
The ftp server is vsftpd. Does this help?
Thanks,
Tiago
On Mon, May 20, 2013 at 6:37 PM, Russ Allbery wrote:
> Tiago Elvas writes:
>
> > Thanks fo
Tiago Elvas writes:
> Thanks for your reply!
> Firstly, as for the SSH connection, I need the ticket to have a
> controled name, and not a randomized one. That problem is fixed by my
> patch.
Depending on what PAM module you're using, you may be able to set ccache
in the PAM options to the file
Hi Russ,
Thanks for your reply!
Firstly, as for the SSH connection, I need the ticket to have a controled
name, and not a randomized one. That problem is fixed by my patch.
As for the FTP problem, the thing is that when I logout from the FTP
connection, the system does not delete the ticket file
Tiago Elvas writes:
> I am having a problem here with the FTP authentication using Kerberos.
> What is happening is that when I connect from host_A to host_B using
> ftp, the acquired ticket (in host_B) is being stored as
> "/tmp/krb5cc_503_z2fgka".
That seems like a fine name for a Kerberos tic
Hi all,
I am having a problem here with the FTP authentication using Kerberos.
What is happening is that when I connect from host_A to host_B using ftp,
the acquired ticket (in host_B) is being stored as "/tmp/krb5cc_503_z2fgka".
I also had this problem in SSH logins, and it seems to be related t
Hi,
Need some assistance in proceeding further with pkinit.
Set up a kerberos server with pkinit support and tested the same with client in
another machine and same has been verified with wireshark capture where the
padata goes as PA-DASS and value carries the certificate.
Now tried testing th
12 matches
Mail list logo