On Wed, 21 Sep 2016, laurent.bas...@developpement-durable.gouv.fr wrote:
> Hello all,
>
> I use Kerberos with the OTP plugin. It works fine except I don't know
> how to put more than 1 server in the otp configuration in the 'kdc.conf' :
>
> Actually my otp section in 'kdc.conf' :
>
> [otp]
>
Depends what you call "nice". KEYRING is a gaping security hole in
case of Docker or chrooted apps because it "leaks" keys through the
isolation AND does this randomly even into other Docker instances.
IMO the whole KEYRING stuff should be removed from the Linux kernel
and replaced with a sane des
tseegerkrb writes:
> Thanks for your help. Is my setup so special (Kerberos/OpenLDAP/sssd/sshd)
> nobody using it? I think I will ask Debian/Ubuntu or the OpenSSH
> maintainer for help.
It's sadly quite unusual to use non-FILE ticket caches. I wish it
weren't, since KEYRING has nice security pr
Hello all,
I use Kerberos with the OTP plugin. It works fine except I don't know
how to put more than 1 server in the otp configuration in the 'kdc.conf' :
Actually my otp section in 'kdc.conf' :
[otp]
myotp = {
server = xxx.xxx.xxx.xxx:1812
secret = /etc/krb5kdc/mysecret