Re: syncing MIT Kerberos to Active Directory

2015-10-19 Thread Mantas Mikulėnas
on't strictly need AD for that – if EAP is handled by FreeRADIUS, kcrap-lnf can handle MSCHAPv2 (i.e. the part ntlm_auth usually handles) directly using the MIT KDC database, as the rc4-hmac keys are compatible with what MSCHAPv2 needs. -- Mantas Mikulėnas

Re: krb5-1.13.1 is released

2015-02-17 Thread Mantas Mikulėnas
g RSA key 15024CD3749D7889 > gpg: requesting key 15024CD3749D7889 from hkp server pool.sks-keyservers.net > gpg: Total number processed: 1 > gpg: skipped PGP-2 keys: 1 > gpg: Can't check signature: No public key -- Mantas Mikulėnas

Re: kinit -k on boot

2014-09-18 Thread Mantas Mikulėnas
hanks for an answer, > > I didn't know that systemd was also stamping all over cron like that, That's because it doesn't. There is no code in systemd that would read crontab files, nor does it embed itself into a running crond to remove specific functions. -- Mantas Mikulėn

Re: KfW requests ticket with wrong SPN

2012-09-16 Thread Mantas Mikulėnas
he windows LSA credentials >> store, which is not populated by stock KfW 3.2. > > I am aware of that. I just wanted to know why he uses KfW at all and not > SSPI. If this is a simple Kerberos realm (not Active Directory), configuring LSA to obtain Kerberos credentials is much more troublesome than setting up KfW. -- Mantas Mikulėnas Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Two realms and access to Kerberized NFS areas?

2012-09-06 Thread Mantas Mikulėnas
the DIR type is only supported as of MIT Krb5 v1.10 and needs at least nfs-utils v1.2.7-rc5, as well as reconfiguring the client systems – both to create DIR ccaches on login (instead of FILE) and to use DIR for the default ccache. -- Mantas Mikulėnas

Re: Wallet: a few questions on ACLs (and other animals)

2012-06-14 Thread Mantas Mikulėnas
and _kerberos-master._udp sharing daemons and ports, I see no reason there couldn't be a _wallet._tcp SRV record. > There are also security issues with trusting DNS if you don't have DNSSEC > configured. How are they different from trusting DNS to correctly

Re: Multiple KDCs with OpenLDAP

2012-05-31 Thread Mantas Mikulėnas
nly used when performing password changes or other write operations (kpasswd/kadmin), since normal kprop is unidirectional. But since the multi-master setup allows writing to any LDAP server, it's possible to have kadmind running on all KDCs, and modifications can be done on any of them. --

Re: a question on Kerberos TGS name

2012-02-16 Thread Mantas Mikulėnas
is example, both [kdc_cert] and [client_cert] sections: <http://k5wiki.kerberos.org/wiki/Pkinit_configuration#Extensions_file> -- Mantas Mikulėnas

SSH with Kerberos from Windows XP

2008-09-12 Thread Mantas Mikulėnas
l CD User: * I'd prefer to use Microsoft's Kerberos if such a thing exists (MIT Kerberos has a stupid interface) * I use PuTTY for SSH * I have the QuestPuTTY mod * I like command-line * I don't like Cygwin Server: * Heimdal Kerberos * Debian Linux * I know the realm and KDC serve