Lloyd wrote:
> Hi,
> I am new to kerberos and trying to set up in a sample scenario as
> part of learning. I have downloaded and installed Kerberos 5 on a
> Linux system. As per the install guide I have successfully configured
> KDC and Application server. in the application server the "ftpd"
>
Windows AD accounts require "allow this account to be trusted for
delegation" to have Internet Explore actually delegate credentials to
the web server (which you are requesting via the KrbSaveCredentials On
parameter.) Try turning this off and see if it does what you want.
Also, (and this is p
Jeff Blaine wrote:
> Thanks Doug
>
>> The which PuTTY has GSSAPI:
>>
>> Quest has one that uses SSPI. http://rc.quest.com/topics/putty/
>
> Hmm, I can't see to get this to work at all (ignoring CVS).
>
> I have KfW creds for jblaine, afs, and krbtgt on this Windows
> box.
I believe that Quest's p
Marcello,
Can you show us the output of klist -kte (as root) on the machine
running sshd? You need to have a proper keytab for ssh to use GSSAPI
authentication.
Against AD, you can generate a keytab using ktpass.exe. Make sure you
are using the 2003 SP2 version (or newer) of ktpass as some k
Nikolay Shopik wrote:
> Hello,
>
> Does 64bit version of KfW work with 32bit version app? Because for me
> looks like 64bit version doesn't work with 32bit apps.
No. Just install both the 32-bit and 64-bit versions to support both
32-bit and 64-bit apps.
And last I tried it, the order they wer
Marcello Mezzanotti wrote:
> On Wed, Jan 6, 2010 at 12:30 PM, Bob Rasmussen wrote:
>> 1) What version(s) of PuTTY work in your environment? Did you try the
>> developer's build from the official PuTTY site?
>
> http://sweb.cz/v_t_m/putty/PuTTY-0.58-GSSAPI-2005-07-24.zip
>
> i tested another clie
Is this for an actual Windows computer? Or a non-Windows machine
running something like Samba?
-
I see these all the time. I believe these occur on occation when a
computer account automatically updates its machine account password in
Active Directory. (This is a normal function of a co
3
> TCP Statistics for IPv4
> Failed Connection Attempts = 4275
> Segments Retransmitted = 24512
> UDP Statistics for IPv4
> Receive Errors = 22753
>
>
> Please let me know if any other information is required.
>
>
>
>
>
>
ng over there. But I could not understand it.
>
> It's my humble request to verify those and make me understand.
>
>
>
>
>
> From: Christopher D. Clausen
> To: raj esh L
> Cc: kerberos@mit.edu
> Sent: Wed, 20 January, 2010 21:15:
Jason Edgecombe wrote:
> We want to have a tool for our help desk students to list and kill
> processes for other users on workstations along with being able to
> trigger a remote shutdown or reboot.
Tasklist.exe, taskkill.exe and shutdown.exe are already on Windows
systems and already do this,
Jason Edgecombe wrote:
> Christopher D. Clausen wrote:
>> Jason Edgecombe wrote:
>>> We want to have a tool for our help desk students to list and kill
>>> processes for other users on workstations along with being able to
>>> trigger a remote shutdown or rebo
John Jasen wrote:
> Michael B Allen wrote:
>
>> Actually I would not be surprised if that "hot fix" is never made
>> public. DES is being phased out. If you have any Windows accounts that
>> use DES, you should update them to AES-256, AES-128 or RC4 in that
>> order of preference.
>
> I'd have to
Jeremy Hunt wrote:
> On 23/03/2010 3:18 PM, Sayali Patankar wrote:
>> I require some help in understanding Kerberos. I am very new to this
>> concept and hence required help in some basic commands.
>> My application uses Kerberos and I wanted to know whether there is some
>> unix command which I
Russ Allbery wrote:
> Simo Sorce writes:
>> Ah sorry, I thought he wanted to use them as completely alternative
>> users. If you do map each MIT principal to an existing Windows user then
>> it does work, although it seem to make sense only as a transition tool
>> to me.
>
> It's the way that we
Jean-Yves Avenard wrote:
> Am I to understand that it is not currently possible to authenticate
> on a windows machine using a MIT kerberos KDC ? It would be a good
> windows domain replacement
I sort-of have this working, although this is probably different than your
setup.
UIUC.EDU is an MIT
Jean-Yves Avenard wrote:
> I have now identified the cause of the issue.
> When using mod_auth_kerb with MIT krb5 v1.6.x it works perfectly
> with krb5 1.7 and 1.7.1 same.
> However, I get this "GSS-API major_status:000d,
> minor_status:000186a3" error whenever I use MIT 1.8.x kerberos
> libra
Russ Allbery wrote:
> Brian Candler writes:
>
>> (1) create separate principals for each user who should have root access,
>> e.g.
>> candl...@foo.example.com
>> candlerb/ad...@foo.example.com
>
>> Then map */admin to the root account using auth_to_local, and people
>> can use ksu to
Brian Candler wrote:
> The error message from /var/log/http/ssl_error_log was unhelpful:
>
> [Mon Oct 11 11:20:17 2010] [error] [client 172.31.131.185]
> krb5_verify_init_creds() failed: Key table entry not found
>
> What was even more odd, if I did a 'su' to the apache user, I was able to
> 'kini
Ken Dreyer wrote:
> On Thu, Oct 21, 2010 at 1:10 PM, eric wrote:
>> I just want to know any differences that MIT and Heimdal have with each
>> other:
>
> I think someone at the 2010 Kerberos Conference summarized it this way:
>
> MIT is likely to be what your OS vendor ships. Heimdal has more fea
That blog doesn't say what you think it says, and I suspect it is referning
to domain joined Windows computers, not pure Kerberos non-Windows ones.
You'll note that when the CLIENT initiates a password change, the kvno is
incremented. This happens with any flavor of Kerberos. The (client)
com
I'm not using this myself (I create keytabs as needed manually using
ktpass.exe against AD) but this may be of interest to some of you:
http://www.eyrie.org/~eagle/software/wallet/
"One of the object types it supports is Kerberos keytabs, making it
suitable as a user-accessible front-end to Kerb
Try checking the "Account is sensitive and cannot be delegated" option
in the user properties and see if that does what you want. (I'm not
sure if it will or not, but I believe this is the option actually
intended to prevent Kerberos delegation.)
< Hi,
>
> Scenario : User A forwards his creden
For Active Directory:
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
< I did not get a response from anybody. Does anybody have instructions for
> setting up Constraint Delegation on any platform?
>
> Thanks,
> Joseph
>
> -Origin
It would be helpful to understand more of your environment. Can you
provide more details of what you are trying to accomplish?
Are multiple Kerberos realms involved or just a single Active Directory
domain? Is an MIT KDC involved? Or just MIT Kerberos clients?
What errors are you seeing with M
I have used this as a guide, but I think MIT Kerberos version 1.10 is
the latest available:
https://www.cisecurity.org/benchmark/mit_kerberos
Not sure if this is what you are looking for or not.
<
Preferably something smaller and more focused than nmap or OpenSCAP. 😉
From: Brent Kimberley
Sent
101 - 125 of 125 matches
Mail list logo