On 02/04/2014 11:39 PM, Damien Touraine wrote:
> I am looking for a method to filter ticket granting.
> For instance, I have two NFS servers (nfs/server1@REALM and
> nfs/server2@REALM) and one computer client (nfs/client@REALM).
> I want kerberos to grant nfs/client@REALM for nfs/server1@REALM, but
I have removed krb...@mit.edu from the CC line. The krbdev list is for
discussion of MIT krb5 development only, and this question has to do with
Heimdal/OSX code. Also, please do not send mail to krbdev and kerberos at
the same time.
[Srinivas Cheruku] Sorry, I included krbdev thinking that some
Hi,
I am looking for a method to filter ticket granting.
For instance, I have two NFS servers (nfs/server1@REALM and
nfs/server2@REALM) and one computer client (nfs/client@REALM).
I want kerberos to grant nfs/client@REALM for nfs/server1@REALM, but
forbid nfs/client@REALM for nfs/server2@REALM.
Greg, the patch that you gave us fixed the issue. Thanks for the prompt
debugging and a quick patch.
Prakash
On Mon, Feb 3, 2014 at 6:53 PM, Prakash Narayanaswamy
wrote:
> Thanks a lot, Greg. We'll take the patch, apply it, test it and get back
> to you. Thanks again.
>
> Prakash
>
> Prakash
On 02/04/2014 06:54 AM, suneetha Nadella wrote:
> Enabled trace.. Logs attached. Looks like its looking into wrong memory
> block??
The mailing list server stripped your attachment, so I got it but the
list didn't; that's probably fine.
It's expected that there are two different MEMORY ccaches in
Enabled trace.. Logs attached. Looks like its looking into wrong memory
block??
Not sure if I am doing everything right...
On Mon, Feb 3, 2014 at 9:40 PM, Greg Hudson wrote:
> On 02/03/2014 06:20 AM, suneetha Nadella wrote:
> > Constrained delegation tests follow
> > --
I have removed krb...@mit.edu from the CC line. The krbdev list is for
discussion of MIT krb5 development only, and this question has to do
with Heimdal/OSX code. Also, please do not send mail to krbdev and
kerberos at the same time.
On 02/04/2014 08:04 AM, Srinivas Cheruku wrote:
> kret = k
Hi All,
I was using Chrome/Safari browser on Mac to authenticate the user using HTTP
Negotiate and found that the user is able to authenticate successfully and
able to forward his credentials to the web server in the first attempt.
After 5 minutes, if I try again I found that the authentica
Hello Greg,
> What are you looking at specifically? GSSAPI exchanges begin with the
> client.
I thought you might say that. I was looking at SPNEGO, which embeds GSSAPI but
where the initiative is (usually) taken by the server. It’s a waste that
SPNEGO doesn’t communicate a challenge at that