Hi Folks,
Thanks for the feedback everyone.
On 13/02/2009, at 3:52 AM, Douglas E. Engert wrote:
>
>
> Edward Irvine wrote:
>> Hi Folks,
>> Is there a ticket beween client and server that expires? If so,
>> how does it get renewed?
>> Kerberised NFS presu
Hi Folks,
Is there a ticket beween client and server that expires? If so, how
does it get renewed?
Kerberised NFS presumably requires authentication and (optionally)
encryption between client and server, so presumably the client needs
to get a ticket prior to contacting the server.
I appea
Hi Folks,
Has anyone else had trouble changing passwords from a Solaris client?
I'm using the Solaris 10 version of kpasswd:
/bin/kpasswd unsername
kpasswd: Changing password for [EMAIL PROTECTED]
Old password:
kpasswd: Cannot establis a session with the Kerberos administrative
server for rea
Hi,
On 29/07/2008, at 6:43 PM, Abhishek Chowdhury wrote:
>
> I want to configure passwordless ssh after successful kinit.
>
> for that I have to change configurations in etc/ssh_config:
>
>
> GSSAPIAuthentication yes
> GSSAPIDelegateCredentials yes
>
> but we dont have these options in ssh_config
Hi,
I'd like to find out if there is any way to extract a HOST keytab for
a windows computer that is already a member of an active directory
domain.
A Java developer I look after wants to do the single sign on thing to
his web application. Our environment is a mixed Active Directory and
S
Roman - the following may help.
On 05/09/2007, at 4:45 PM, [EMAIL PROTECTED] wrote:
On 4 Sep., 20:26, "Christopher D. Clausen" <[EMAIL PROTECTED]> wrote:
Michael B Allen <[EMAIL PROTECTED]> wrote:
On 9/4/07, Roman S <[EMAIL PROTECTED]> wrote:
I've configured a Microsoft Active Directory
Hi Folks,
I eventually gave up trying to coax the default sshd on Solaris 10 to
play nice with GSSAPI - the show-stopper was that it failed with
usernames > 8 characters.
So I compiled my own OpenSSH+OpenSSL+MITKerberos. It now works, in 64
bit mode.
A how-to guide can be found here:
h
Hi Folks,
I have a Solaris 10 server with two ip addresses: "fixed.example.com"
and "float.example.com". The latter is an IP address that the server
sometimes assumes as part of its role in a high-availability cluster.
I have compiled my own openssh+gssapi version of sshd, and have got
ss
Gayal wrote:
> Hi,
>
> I tried several tutorials to setup my own KDC but no success.
> Can anyone tell me a quick how to?
The kerberos section from the FreeBSD handbook is as quick a howto as you will
get. It is based on Heimdal.
Here is the link
http://www.freebsd.org/doc/en_US.ISO8859-1/boo
Hi,
We are using the stock solaris 10 sshd daemon and a W2K3 KDC.
Everything works fine except for one of our users who has a ten character username. The user with a long username fails to login from a number of clients, such as another solaris 10 computer, and a SecureCRT terminal emulator on w
Hi Lars,
Lars Schimmer wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi!
>
> After some testing I got a few test PCs with debians "etch" system do
> ticket forwarding and obtaining afs tokens.
> Now I want to use putty and winscp from windows to login without a
> password on that
Ramesh,
Many people don't use klogin, ktelnet, or kftp any more. They just use ssh and
sftp.
On Linux, I believe you will have to set
"GSSAPIAuthentication yes" in /etc/ssh/sshd_config,
and
"GSSAPIAuthentication yes" in /etc/ssh/ssh_config
you will want to read the ssh_config and sshd_con
Folks,
I've updated this a little after a co-worker gave it a test drive. But I note I
have not received a single comment from this list :)
Note that I couldn't get SecureCRT to work without the MIT Kerberos for Windows
NetID manager installed (just running in the backround in default mode). I
Hi Bob,
Try this:
[domain_realm]
.cablecar.local = CABLECAR.LOCAL
cablecar.local = cablecar.local
Eddie
Bob Jaques wrote:
> I am setting up samba in a windows 2003 environment and am trying to
> confirm kerberos authentication.
> When I run kinit on my Linux machine I get a me
Chris,
You might try changing your domian_realm section to look a little more like
this:
[domain_realm]
whatever.com = WHATEVER.COM
.whatever.com = WHATEVER.COM
Eddie
Chris cc wrote:
Hi Guru,
I just finish setting up a kerberos authentication; however, I seem to
have a problem
Folks,
After a bit of expermentation, I put together the following. It is kind of what
I wish I had six months ago... Maybe something like this has been done before,
but I haven't been able to find it.
http://220-245-28-18.static.tpgi.com.au/~irvinee/gssapi-sol10/gssapi-howto.html
Still in dra
16 matches
Mail list logo