Re: libapache2-mod-auth-kerb and cross-realm

2014-08-12 Thread Russ Allbery
Jaap Winius writes: > On Tue, 12 Aug 2014 18:20:47 -0700, Russ Allbery wrote: >> That sounds like you didn't get the right aname_to_localname >> configuration in your krb5.conf file, since it can't find a mapping. > Do you mean an auth_to_local mapping in krb5.conf? Yes -- I think there are mul

Re: libapache2-mod-auth-kerb and cross-realm

2014-08-12 Thread Jaap Winius
On Tue, 12 Aug 2014 18:20:47 -0700, Russ Allbery wrote: >> krb5_aname_to_localname() found no mapping for principal >> jwin...@myrealm.com > > That sounds like you didn't get the right aname_to_localname > configuration in your krb5.conf file, since it can't find a mapping. Do you mean an auth_t

Re: libapache2-mod-auth-kerb and cross-realm

2014-08-12 Thread Russ Allbery
Jaap Winius writes: > On Tue, 12 Aug 2014 17:28:06 -0700, Russ Allbery wrote: >> I believe KrbLocalUserMapping calls krb5_aname_to_localname, so another >> option is to leave it on and change, in the Kerberos configuration, how >> local user mapping is done to, for example, treat MYREALM.COM as a

Re: libapache2-mod-auth-kerb and cross-realm

2014-08-12 Thread Jaap Winius
On Tue, 12 Aug 2014 17:28:06 -0700, Russ Allbery wrote: > I believe KrbLocalUserMapping calls krb5_aname_to_localname, so another > option is to leave it on and change, in the Kerberos configuration, how > local user mapping is done to, for example, treat MYREALM.COM as a > second local realm (if

Re: libapache2-mod-auth-kerb and cross-realm

2014-08-12 Thread Russ Allbery
Jaap Winius writes: > First, I started out with this configuration for > libapache2-mod-auth-kerb (v5.4-2 on Debian wheezy): > AuthType Kerberos > KrbAuthRealms EXAMPLE.COM > KrbServiceName Any > Krb5Keytab /etc/apache2/krb5-apache.keytab > KrbLocalUserMapping On > AuthName "Example

libapache2-mod-auth-kerb and cross-realm

2014-08-12 Thread Jaap Winius
Hi folks, As I make progress with my Kerberos configuration for Apache, cross-realm support leaves something to be desired. First, I started out with this configuration for libapache2-mod-auth-kerb (v5.4-2 on Debian wheezy): AuthType Kerberos KrbAuthRealms EXAMPLE.COM KrbServiceName Any

krb5-1.12.2 is released

2014-08-12 Thread Tom Yu
The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.12.2. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes. RETRIEVING K

Re: libapache2-mod-auth-kerb and multi-homed hosts

2014-08-12 Thread Jaap Winius
On Tue, 12 Aug 2014 08:56:03 -0700, Russ Allbery wrote: > Make sure that you added HTTP keys (all caps), not lowercase http. The > case matters. Okay, I was using lower case. I've changed it to upper case and now it's working. Earlier, I thought I had a lower-case configuration working on a le

Re: libapache2-mod-auth-kerb and multi-homed hosts

2014-08-12 Thread Russ Allbery
Jaap Winius writes: > Until recently, using ssh with Kerberos authentication to connect to > these same hosts was also a problem, until I set GSSAPIStrictAcceptorCheck > to 'off' in sshd_config and added lots of host keys to the system keytab > to match the reverse lookup names of the machine'

Re: Machine authentication

2014-08-12 Thread jarek
Thanks! On Sat, 2014-08-09 at 16:20 +0100, Dameon Wagner wrote: > On Sat, Aug 09 2014 at 00:41:07 -0400, Greg Hudson scribbled > in "Re: Machine authentication": > > On 08/08/2014 03:37 AM, jarek wrote: > > > Is it possible to receive ticket for host principal and use > > > this tic

libapache2-mod-auth-kerb and multi-homed hosts

2014-08-12 Thread Jaap Winius
Hi folks, My site has a number of multi-homed Apache web servers for which I can't get Kerberos authentication to work properly. Until recently, using ssh with Kerberos authentication to connect to these same hosts was also a problem, until I set GSSAPIStrictAcceptorCheck to 'off' in sshd_conf