Clear as mud: PKINIT and -nokey principal addition (krb5-1.13)

Hello all, My aim is to use krb5-1.13 with its PKINIT capability to configure password-less authentication of mobile devices. Additionally, I intend my application servers running HTTP to use SPNEGO/Negotiate to verify authenticity of the aforementioned devices for service authorisation. Despite

RE: Documentation__Database administration

Thanks for replying Tom, Yes it is indeed just a question. Kerberos team, can you help answer it please? Cheers, Dan -Original Message- From: Tom Yu [mailto:t...@mit.edu] Sent: Monday, January 05, 2015 1:24 PM To: Donovan, Dan: Barclays (LDN) Cc: krb5-bugs-ow...@mit.edu Subject: Re:

Re: Clear as mud: PKINIT and -nokey principal addition (krb5-1.13)

On 01/05/2015 03:24 AM, Siddharth Mathur wrote: Despite deploying the right kind of client certificates on my mobile devices (iOS) and using the right type of certificate on the KDC, I am not sure if they are talking certificates at all. How do I debug if the certificate matching rules are

Re: Wrong principal in request error on gss_accept_sec_context()

On 01/05/2015 04:04 PM, Xie, Hugh wrote: Any follow up on this issue? Do you need any more information? Should I turn on debugger to see where this error occurred, if yes I need some pointer which files to set break points. I'm a bit confused by the information given so far, and I think some

RE: upgrading kerberos 1.9.4 to 1.13 with LDAP backend

We are ready to schedule this update, so I thought I'd try just one more time to see if there were any other thoughts on this plan or any known issues that might occur that would be problematic. Thanks much. -Original Message- From: Paul Henson [mailto:paul.b.hen...@gmail.com] On

next Kerberos ops/admin teleconference January 6th

Kerberos operators and administrators are invited to a public monthly operations-focused teleconference. These take place the first Tuesday of each month at 13:00 (1:00pm) US Eastern Time. The next one will be on January 6th. This is an opportunity for operators or administrators of Kerberos

RE: Wrong principal in request error on gss_accept_sec_context()

1. /efs/dist/kerberos/mit/1.11.5/exec/bin/klist -k -t $KRB5_KTNAME Keytab name: FILE: /tmp/myacct.keytab KVNO Timestamp Principal --- -- 2 12/17/2014 15:30:08 mya...@common.bankofamerica.com 2. This is window

Re: Clear as mud: PKINIT and -nokey principal addition (krb5-1.13)

It might help to try deploying to a regular Unix client, to help distinguish between client-side issues with the iOS Kerberos implementation (which I'm not very familiar with) and server-side issues. Thanks for debugging tips Greg, will try them out ASAP and report back. Overall, does what I