Re: LDAP + Kerberos grouping/password

2008-12-19 Thread Coy Hile
On Fri, 19 Dec 2008, Mathew Rowley wrote: > Do you have to sync passwords between Kerberos and LDAP if I am using LDAP > for user specific information? For example, if I ssh to a box, I want it to > authenticate with kerberos, but get the gid/uid/shell/homedir from LDAP. Is > there a way to spec

Re: More fun with Russ' pam_krb5

2008-03-12 Thread Coy Hile
ll running into that stuff before. -- Coy Hile [EMAIL PROTECTED] "Unarmed combat is what we enter into when we have been foolish enough not to have a weapon; careless enough to lose our weapon, or unlucky enough to have broken our weapon" Kerb

Re: More fun with Russ' pam_krb5

2008-03-11 Thread Coy Hile
e enough to know what else I can do to debug this more. Any help you can give is appreciated. -- Coy Hile [EMAIL PROTECTED] "Unarmed combat is what we enter into when we have been foolish enough not to have a weapon; careless enough to lose our weapon,

More fun with Russ' pam_krb5

2008-03-11 Thread Coy Hile
in/aklog as UID 1000 Mar 11 20:24:52 ganymede xscreensaver[22746]: [ID 237248 user.debug] (pam_afs_session): : exit (success) Notice the ticket cache mentioned above. What am I missing to have xscreensaver updating the wrong ticket cache? -- Coy Hile [EMAIL PROTECTED] "Unarmed combat is wha

pam_krb5 (Russ' implementation) question

2008-03-06 Thread Coy Hile
I tweak the PAM stack to gain my desired behaviour? Thanks, -- Coy Hile [EMAIL PROTECTED] "Unarmed combat is what we enter into when we have been foolish enough not to have a weapon; careless enough to lose our weapon, or unlucky enough to have broken our weapon" _

Re: password expiry for a principal

2008-01-20 Thread Coy Hile
Is there some easy way to write an app that you'd run from /etc/profile to banner that sort of information? If I were using normal UNIX auth, I could do that relatively easily using the information in the shadow file. -- Coy Hile [EMAIL PROTECTED] _

Re: password expiry for a principal

2008-01-18 Thread Coy Hile
On Fri, 18 Jan 2008, Coy Hile wrote: > Thanks Tom. > > I'm using whatever ships with Solaris 10 Update 4. I can't tell you > what that is off the top of my head. > Reply to my own post: Russ, Does your pam_krb5 implmentation support this type of setup? The stock on

Re: password expiry for a principal

2008-01-18 Thread Coy Hile
. > Thanks Tom. I'm using whatever ships with Solaris 10 Update 4. I can't tell you what that is off the top of my head. -- Coy Hile [EMAIL PROTECTED] Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

password expiry for a principal

2008-01-17 Thread Coy Hile
: kadmin: modprinc +needchange cah220 Principal "[EMAIL PROTECTED]" modified. kadmin: quit [22:53:31]supergrover:~ % kinit cah220 kinit(v5): Password has expired while getting initial credentials [22:53:37]supergrover:~ % For what it's worth, I'm using an MIT kdc (actually

Query about an admin testing a user's creds

2007-12-27 Thread Coy Hile
nted? (I'm perfectly happy to accept "Because it's Really Stupid(tm) for the follwing reasons..." as an answer too :)) (Please retain the cc: on any reply as my work address is not on-list, only my personal address.) Thanks. -- Coy Hile [EMAIL PROTECTED] _