Re: Problems running kinit on HP-UX 11.00, 11i

On 1116363066 seconds since the Beginning of the UNIX epoch Sam Hartman wrote: > >>>>>> "Roland" == Roland Dowdeswell <[EMAIL PROTECTED]> writes: > >Roland> On 1116021302 seconds since the Beginning of the UNIX >Roland> epoch >Ro

Re: Problems running kinit on HP-UX 11.00, 11i

provides a pthread_once() that returns true without calling anything if -lpthread is not specified. We probably need a more generic solution... -- Roland Dowdeswell http://www.Imrryr.ORG/~elric/ Kerberos mailing list

Re: /etc/hosts and DNS

esponding. > >If someone has a better idea, please tell me. Yes, issue a ICMP6_FQDN_QUERY to the host and use its response. On NetBSD, e.g., ping6 -w will do this. Better than writing a new service, write a DNS nameserver which will do this and delegate reverse mapping of IPv6 PTR requests to it. -- Roland Dowdeswell http://www.Imrryr.ORG/~elric/ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Java Pre-auth for Windows 2003 mixed case revival

ly convince me to send a DES PA_TIMESTAMP... -- Roland Dowdeswell http://www.Imrryr.ORG/~elric/ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

too many DNS SRV RRs.

In our environment, we have noticed that MIT krb5 1.3.1 fails to use DNS to find KDCs if there are too many entries. We have about 75 AD DCs. Has anyone else noticed this issue? Thanks, -- Roland Dowdeswell http://www.Imrryr.ORG/~elric

Re: Using Kerberos5 for login

o you will have to kinit(1) when you go back to work. -- Roland Dowdeswell http://www.Imrryr.ORG/~elric/ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

Re: AW: AW: AW: Example for kinit -S ... ?

st method should work. In general you do not need to obtain specific tickets for services, you can just use the TGT to get them. In example 3, you have REALM1 and REALM2: are these different and if so do you have cross realm trust setup appropriately? -- Roland Dowdeswell

Re: AW: AW: Example for kinit -S ... ?

make it cron-able without writing passwords in the cront >ab. Is it possible? If you have the keys in a keytab, then: $ kinit -S SAPServiceWD2/@ -kt will get the key from the file . -- Roland Dowdeswell http://www.Imrryr.ORG/~elric/ _

Re: Kerberos authentication without reverse lookup

ntrol the IP PTR RRs. Even if I have a secure way of querying the PTR RRs, they are not under my control and therefore I should not trust them. Or if I have a machine co-located, the PTR RRs are under the control of the ISP not me. PTR RRs should not be used (IMO, again) for any security sensiti

Re: Kerberos authentication without reverse lookup

be better to just use ICMP6 a la ``ping -w host''---at least with IPv6 asking a host for its name is an implemented standard. -- Roland Dowdeswell http://www.Imrryr.ORG/~elric/ Kerberos mailing list Kerbe