to help you :
http://serverfault.com/questions/129854/authenticating-windows-7-against-mit-kerberos-5
https://msdn.microsoft.com/en-us/library/bb742433.aspx
Cordialement,
Jean-Christophe Gay
- Mail original -
> De: "Russ Allbery" <ea...@eyrie.org>
> À: "Randolph M
,
--
Jean-Christophe Gay -- Université Paris Dauphine
Responsable de la Sécurité des Systèmes d'Information
Tel : 01 44 05 45 04
jean-christophe@dauphine.fr
signature.asc
Description: PGP signature
Kerberos mailing list Kerberos@mit.edu
https
password, then create the kerberos principal
associated with this user, and then update the LDAP password.
With this set we simply asked every one to change his password, this
time allowing users to set their old password.
--
Jean-Christophe Gay -- Université Paris Dauphine
Responsable de la
the other? It's the same clock
tob
After your ldapsearch command that fail, can you paste a klist result
please ? And maybe some of your krb5kdc.log file may be interesting.
--
Jean-Christophe Gay -- Université Paris Dauphine
Responsable de la Sécurité des Systèmes d'Information
Tel : 01 44 05 45
of that server isn't matching the principal name in
the KDC database.
Also, can you, after a succesfull ssh on ldap2.shadow.com obtain a TGT
from the KDC with that user ?
--
Jean-Christophe Gay -- Université Paris Dauphine
Responsable de la Sécurité des Systèmes d'Information
Tel : 01 44 05 45 04
jean
Did you add the line:
myu...@example.com
to the .k5login file for myuser on ssh-serv.etud.example.com?
The assumption is foreign principals are not allowed to login by
default. i.e. a local user in one realm is not the same as a local
user in another realm.
Also see the auth_to_local
Hi,
I'm configuring a Kerberos installation. I've got two KDC running. The
first one is in charge of the realm EXAMPLE.COM and the second one is
in charge of ETUD.EXAMPLE.COM.
In order to test this installation I add two ssh-servers to my two
KDCs, one for each realm. They are working. I can
