Hi All-
I'm having this weird issue that I'm hoping someone can shed some light
on. I've got a dictionary file of words I want to keep from being used
in passwords but I can't seem to get it to work. This is what's in my
kdc.conf file:
-
[kdcdefaults]
acl_file = /var/kerberos/krb5kdc/k
> You fundamentally misunderstand how network authentication and
> credential forwarding work.
No, I think I do understand it. All you have written below are steps I
have taken and am sorted with. Perhaps I'm not making myself very clear
in describing the problem I'm having (which I can certai
> With OpenSSH-4.1 at least ssh_gssapi_krb5_storecreds and
> ssh_gssapi_krb5_userok make krb5 API calls as gss never had a simple
> authz function or a way to save the delegated creds.
>
> Solaris 10's sshd uses PAM, to do these. OpenSSH should look at that
> approach too, then it would not need K
Crud, I was hoping you wouldn't say that... :(
-erich
Will Fiveash wrote:
> On Tue, Aug 08, 2006 at 04:49:14PM -0700, Erich Weiler wrote:
>> Hi all-
>>
>> I'm not sure this is the correct place to post about this but I'm
>> getting no respon
Hi all-
I'm not sure this is the correct place to post about this but I'm
getting no response over at OpenSSH.org, if there is a more appropriate
place to post please let me know... And the people at Sun scream at me
for even considering openssh when they supply their own version of SSH
which
al does not
> require preauthentication. In this case, the client does not actually
> authenticate itself to the KDC at all: the KDC simply sends out the
> encrypted TGT and relies on the fact that only the intended principal
> can decrypt it. Hence, I would expect these counte
Greetings all!
I'm having trouble finding the answer to a problem I'm having...
Basically, when I do a "getprinc username" through kadmin, I get:
kadmin: getprinc user
Principal: [EMAIL PROTECTED]
Expiration date: [never]
Last password change: Fri Jul 21 16:26:28 PDT 2006
Password expiration da
Hi All-
I'm hoping some of you Sun Kerberos gurus can tell me if my problem can
be resolved... Basically I have my test Solaris 10 system set up to
authenticate, via PAM, in 3 ways.
First it checks if you have a local account and then lets you in if so.
Second it checks to see if you have a K
Never mind, it worked! The client just needed a reboot. Thanks again
for your help!
ciao, erich
Erich Weiler wrote:
> Hi Kevin,
>
> Aha, I think, if I'm reading this correctly, the version numbers are
> definitely off:
>
> (on KDC)
> % klist -e -k -t /etc/krb5.
> Your nfs server's keytab has kvno 5. You need to do the getprinc on
> that same principal to see what the key version number is in the KDC.
> (Your klist shows principal nfs/[EMAIL PROTECTED], but the
> getprinc output is for nfs/[EMAIL PROTECTED])
>
> The kvno of the extracted key in the nfs s
> Hmm... krb5cc_0 would seem to be root's Kerberos cache. Is NFS just
> being explicitly denied for root? Or is root otherwise treated
> differently than normal user accounts? (I use OpenAFS myself, so I
> don't really know how this NFSv4 stuff works.)
NFS shouldn't be denied for root as far
match the key version
> displayed by getprinc for the same principal within kadmin.
>
> K.C.
>
>
> On 6/19/06, Erich Weiler <[EMAIL PROTECTED]> wrote:
>> Greetings all,
>>
>> We're having some problems getting kerberized NFSv4 working in our
>>
Hi Christopher,
> Is there a particular reason you are limiting yourself to DES keys?
> (This isn't a problem though, just a question.)
No reason really, just using DES keys for testing. Once I get this
working I'll move up to better encryption.
> I'm pretty sure MYREALM.COM is a default valu
Greetings all,
We're having some problems getting kerberized NFSv4 working in our
environment, was hoping someone would have an idea or two of what's
going on. We've set up our KDC (Fedora Core 5 box) and it's working
great, people are logging in and getting tickets, all is well there.
What I
We were using MIT krb5 because all of the other platforms on our network
(mostly different flavors of linux) were using MIT krb5, so I thought we
should use it on the Suns as well just for the sake of homogeneity.
Sun's version of LDAP had a very tough time reading our OpenLDAP server
so we had
% exportfs -v
/exports/home
gss/krb5(rw,wdelay,nohide,insecure,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
/exports/boot
gss/krb5(rw,wdelay,nohide,insecure,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
/exports
gss/krb5(rw,wdelay,nohide,insecure,root_squash,no_subtree_c
Hi All,
I've been beating my head against this for a while now and thought I'd
post here to see if anyone knows where I'm going wrong. I installed
MIT's Kerberos on my Solaris 10 box, using krb5 to authenticate against
a Kerberos server running Fedora Core 5. Works great, I can SSH in to
my
17 matches