Re: Trust between AD and MIT Kerberos

2009-09-23 Thread Mikkel Kruse Johnsen
Hi Markus, is it possible to do: netdom trust HHK.DK /domain:CBS.DK /addtln:od.cbs.dk and only have Windows clients ask my MIT Kerberos server when accessing https://od.cbs.dk? Or is it only for the whole domain? Med Venlig Hilsen / Kind Regards Mikkel Kruse Johnsen Adm.Dir. Linet

Trust between AD and MIT Kerberos

2009-09-22 Thread Mikkel Kruse Johnsen
\Kerberos\Domains\CBS.DK in the reg. Have been searching the net for month now. Does anyone have any ideas what is wrong? Is there a way to map domains to realms in Windows like [domain_realm] in krb5.conf?

Re: ok_as_delegation status

2009-05-19 Thread Mikkel Kruse Johnsen
Hi Kronus, you definitely have to use mod_auth_kerb's internal SPNEGO to get it to work. I spent a lot of time realizing that. The ok_as_delegate flag is not in Kerberos, but it is a very simple patch. See attachment.

Re: Authenticating to LDAP using a HTTP ticket

2009-03-08 Thread Mikkel Kruse Johnsen
Hello, I have a few more questions On Sat, Mar 7, 2009 at 10:45 AM, Mikkel Kruse Johnsen mik...@linet.dk wrote: Hi Henrik Yes, that is possible. You need to set your LDAP to authenticate using SASL like

Re: Authenticating to LDAP using a HTTP ticket

2009-03-07 Thread Mikkel Kruse Johnsen
); @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); if (($linkId = @ldap_sasl_bind($ds, NULL, NULL, "GSSAPI")) == false) { return false; }

Re: Access problem Apache/mod_auth_kerb/AD

2007-11-21 Thread Mikkel Kruse Johnsen
Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Access problem Apache/mod_auth_kerb/AD

2007-11-21 Thread Mikkel Kruse Johnsen
, Florian

Re: [modauthkerb] Saving credential with KrbSaveCredentials

2007-08-28 Thread Mikkel Kruse Johnsen
wrote: Mikkel Kruse Johnsen wrote: Hi All I got it to work. It seems there is an error in the SPNEGO code on MIT Kerberos. When compiling mod_auth_kerb to use its internal SPNEGO code everything works fine. This patch works for me as well. I simplified it significantly to just

Re: [modauthkerb] Saving credential with KrbSaveCredentials

2007-08-15 Thread Mikkel Kruse Johnsen
SPNEGO Mikkel gets the same results as if he uses his Firefox. Any ideas? Achim

Re: [modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.

2007-08-07 Thread Mikkel Kruse Johnsen
Hi Achim As promised. On Wed, 2007-08-01 at 21:47 +0200, Achim Grolms wrote: On Wednesday 01 August 2007 09:52, Mikkel Kruse Johnsen wrote: Hello Mikkel, please provide me some more information. 1. You wrote you have successfully done delegation using another Webclient. Please send

Re: [modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.

2007-07-30 Thread Mikkel Kruse Johnsen
2007] [error] [client 130.226.36.170] Cannot store delegated credential (gss_krb5_copy_ccache: Invalid credential was supplied (No error)) /Mikkel On Fri, 2007-07-27 at 20:19 +0200, Achim Grolms wrote: On Friday 27 July 2007 09:14, Mikkel Kruse Johnsen wrote: After the patch (attached) I get

Re: [modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.

2007-07-30 Thread Mikkel Kruse Johnsen
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.50426 + umask 022 + cd /home/mkj/rpm/BUILD + cd mod_auth_kerb-5.3 + rm -rf /var/tmp/mod_auth_kerb-5.3-4-buildroot + exit 0 On Fri, 2007-07-27 at 09:14 +0200, Mikkel Kruse Johnsen wrote: Hi Settings check: network.negotiate-auth.allow-proxies = true

Re: [modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.

2007-07-26 Thread Mikkel Kruse Johnsen
. Enter a comma-delimited list of trusted domains or URLs. Click OK. The configuration appears as updated. Restart your Firefox browser to activate this configuration. Mikkel Kruse Johnsen wrote: Hi Douglas I'm not sure what to look for, but here is the dump. If you are able to see

Re: [modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.

2007-07-26 Thread Mikkel Kruse Johnsen
] Cannot store delegated credential (gss_krb5_copy_ccache: Invalid credential was supplied (No error)) /Mikkel On Wed, 2007-07-25 at 20:56 +0200, Achim Grolms wrote: On Wednesday 25 July 2007 11:55, Mikkel Kruse Johnsen wrote: Compiled the mod_auth_kerb with the attached The modification does

Re: [modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.

2007-07-25 Thread Mikkel Kruse Johnsen
On Mon, 2007-07-23 at 16:27 -0500, Douglas E. Engert wrote: Mikkel Kruse Johnsen wrote: Hi Markus Yes that is what I want. I need the KRB5CCNAME (the credential) so I can login to my OpenLDAP SASL based server and PostgreSQL with kerberos. So what you need is the Kerberos

Re: [modauthkerb] Negotiate on Windows with cross-realm trust AD and MIT Kereros.

2007-07-23 Thread Mikkel Kruse Johnsen
-07-18 at 13:14 -0500, Douglas E. Engert wrote: Stephen Frost wrote: * Mikkel Kruse Johnsen ([EMAIL PROTECTED]) wrote: Now I only have the problem that mod_auth_kerb doesn't write my credentials to KRB5CCNAME (in PHP). My kerbtray under Windows says it is Forwardable but no Ok

Re: [modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.

2007-07-23 Thread Mikkel Kruse Johnsen
it like a domain controller !!! Markus Mikkel Kruse Johnsen [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi All That did the trick, recompiling krb5-1.5 (on RHEL5 64bit) with that patch. Now I only

Re: Negotiate on Windows with cross-realm trust AD and MIT Kereros.

2007-07-18 Thread Mikkel Kruse Johnsen
Grolms wrote: On Tuesday 17 July 2007 09:41, Mikkel Kruse Johnsen wrote: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (Cannot allocate memory) What OS and what Kerberoslibs do you use? Background of this question: I've seen

Re: [modauthkerb] Negotiate on Windows with cross-realm trust AD and MIT Kereros.

2007-07-18 Thread Mikkel Kruse Johnsen
On Wed, 2007-07-18 at 12:37 +0200, Achim Grolms wrote: On Wednesday 18 July 2007 10:01, Mikkel Kruse Johnsen wrote: Now I only have the problem that mod_auth_kerb doesn't write my credentials to KRB5CCNAME (in PHP). Some knowledge on credentials delegation I have stolen from mailing lists

Re: Negotiate on Windows with cross-realm trust AD and MIT Kereros.

2007-07-17 Thread Mikkel Kruse Johnsen
at 00:05 +0100, Markus Moeller wrote: I think you need to tell AD that keys for systems in the cbs.dk domain can be retrieved from CBS.DK. Try netdom trust HHK.DK /domain:CBS.DK /addtln:cbs.dk on your KDC. Markus Mikkel Kruse Johnsen [EMAIL PROTECTED] wrote in message news:[EMAIL