Hello,
I configure subversion (web_dav) to use mod_auth_kerb
in shell, no prob it's using ticket_cache but from eclipse (for ex), it
use basic auth.
Some commits fail because of this error :
failed to verify krb5 credentials: Request is a replay
I know that it is a kdc error but what does it
Well !
It worked but having to delete and recreate all principals is very
painful !!!
Anyway it works, I'll have to deal with my users now ;-)
Thank you !!!
Russ Allbery wrote:
FM [EMAIL PROTECTED] writes:
I'm trying to use kinit with kerberos but :
bin/kinit [EMAIL PROTECTED
Hello,
I'm trying to use kinit with kerberos but :
bin/kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:password
Exception: krb_error 31 Integrity check on decrypted field failed (31)
Integrity check on decrypted field failed
KrbException: Integrity check on decrypted field failed (31)
Hello,
I'm trying to create a slave server (RHEL 3 on master and slave).
on slave :
I installed krb5-server
I create db with kdb5_util create -s
I configure and start kpropd
I have a krb5.keytab with : host/[EMAIL PROTECTED] (from master)
on the master :
I dump master DB and sync it witgh kprop
the krb5kdc
authentification : ok
is it a good thing to copy the /k5 ?
FM wrote:
Hello,
I'm trying to create a slave server (RHEL 3 on master and slave).
on slave :
I installed krb5-server
I create db with kdb5_util create -s
I configure and start kpropd
I have a krb5.keytab with : host
Hello,
I'm trying to use mod_auth_kerb to authenticate users with kerberos. But
when I try to authenticat myself http error_log show :
[error] [client 192.168.4.171] krb5_verify_init_creds() failed: Key
table entry not found
I already use mod_ath_kerb with success bun only from LAN to LAN
Thanks for the reply,
We're using Linux
browser is Firefox
KDC : MIT Kerberos 1.3
you can use http if you add tu http conf : KrbServiceName http
thank you for the ML Link !
Achim Grolms wrote:
On Monday 14 November 2005 18:48, FM wrote:
I'm trying to use mod_auth_kerb to authenticate
Thank you, I'll use HTTP as service name
there a PXI firewall but for now all ports are open from the server to
kerberos server and there is non nat.
Do I also need a princ host/... ? For now I just have the HTTP/
Achim Grolms wrote:
On Monday 14 November 2005 20:43, you wrote:
Thanks
Hello I have a strange prob with one server :
When I try to connect using SSH + gssapi it prompt for my password and
(in verbose mode) I have :
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Miscellaneous failure
Generic error (see e-text)
On the krb54 log, the etexts is
an IssueTracker issue open with RedHat to roll in the
refresh_creds option changes from the sourceforge pam_krb5 into the
stock RedHat RPM.
We're hoping to see something in RHEL3 and RHEL4.
-- Tom
Thomas A. La Porte, DreamWorks SKG
mailto:[EMAIL PROTECTED]
On Tue, 20 Sep 2005, FM wrote:
I'm
Hello,
We are are using MIT krb5 + LDAP on server and pam_krb5
(pam_krb5-2.1.2-1) on clients
I'd like to use nfsv4 sec=krb5 for my home users folers.
with sec=krb5, the nfs server will check the TGT of the user, the prob is :
when you unlock you computer, yout TGT is not creat of renew.
So
not refresh or recreate a TGT.
So if TGT expires, and my home folder is using NFSV4 (sec=krb5) and I
won't be able to access it.
Douglas E. Engert wrote:
FM wrote:
Hello,
We are are using MIT krb5 + LDAP on server and pam_krb5
(pam_krb5-2.1.2-1) on clients
I'd like to use nfsv4 sec=krb5
I'm using pam_krb5 include with RedHat enterprise 4.
I look inside the README in the source and there is no refresh_creds option.
Which pam_krb5 are you using ?
Douglas E. Engert wrote:
FM wrote:
Thanks for your reply,
The prob is that xscreensaver (with pam_krb5) authenticate me :
Sep
Hello,
I'm not use to Object oriented programming.
Do you have sample script that update principal using this perl package ?
Thanks !
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Sorry for the first post
Hello,
I'm not use to Object oriented programming.
Do you have sample script that update principal password using this perl
package ?
Thanks !
Kerberos mailing list Kerberos@mit.edu
Hello,
Do you have example to manage kerberos db using perl
I create a simple test script :
$handle =
Authen::Krb5::Admin-init_with_password($ADMINPRINC,$adminpass);
$kp=Authen::krb5::get_default_realm();
print $kp;
but I received :
Undefined subroutine Authen::krb5::get_default_realm
I'd like
, FM wrote:
Hello,
Do you have example to manage kerberos db using perl
I create a simple test script :
$handle =
Authen::Krb5::Admin-init_with_password($ADMINPRINC,$adminpass);
$kp=Authen::krb5::get_default_realm();
print $kp;
but I received :
Undefined subroutine Authen::krb5::get_default_realm
Hello,
My ldap server + KRB5 will replace my NIS server and y samba server.
In samba, I can script to update the PRINCIPAL of the users. So not prob
to sync when changing password from windows machines.
Now, if my user use kpasswd to change his password, it is not in sync
with the samba
hello,
here is the getprinc USER :
Authenticating as principal root/[EMAIL PROTECTED] with password.
Principal: [EMAIL PROTECTED]
Expiration date: [never]
Last password change: Wed Dec 01 13:54:53 EST 2004
Password expiration date: Thu Mar 31 13:54:53 EST 2005
Maximum ticket life: 7 days 00:00:00
:15:35 12/02/04 01:15:35 ldap/[EMAIL PROTECTED]
Kerberos 4 ticket cache: /tmp/tkt596
klist: You have no tickets cached
Kenneth Grady wrote:
look at principal krbtgt/[EMAIL PROTECTED] and kadmin/[EMAIL PROTECTED]
grep max krb.conf and krb5.conf
On Wed, 2004-12-01 at 12:22, FM wrote
We just replaced NIS witg ldap/kerberos
How can I auto renew ticket ?
I saw several setting for krb5.conf like ticket_lifetime. But I
completely new with krb5
thanks !
FM
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu
21 matches
Mail list logo