Eric Hill [EMAIL PROTECTED] writes:
What you are trying to prevent is a root user on system A accessing
user data on system B without knowing the users' credentials. This is
precisely what Kerberos prevents. System B will not accept inbound
sessions without a Kerberos ticket, and it is
Casey T. Deccio [EMAIL PROTECTED] writes:
I have a network on which machines do not have direct access outside.
Instead they are required to go through a particular machine which acts
as a gateway/proxy for various services. I'd like to have the inside
machines request Kerberos tickets from
Sebastian Hanigk [EMAIL PROTECTED] writes:
Following up to myself for clarification:
Using mod_auth_gss
(http://cvs.opensolaris.org/source/raw/sfwnv/test_stevel/usr/src/cmd/apache2/mod_auth_gss/mod_auth_gss.c,
install with apxs -c -i -l gss mod_auth_gss.c) I have apache-2.2.8
running
Douglas E. Engert [EMAIL PROTECTED] writes:
As Jeff pointed out, not with GSSAPI. What you might be looking for
is slapd code to take a username and password and do in effect a kinit
and a verify tgt, or have a sasl plugin do it for you. I don't know
of one.
There is an ugly hack: having a
Ido Levy [EMAIL PROTECTED] writes:
Following your advice I tried to compile the module on RHEL 5 64 bit
architecture.
Unfortunately I got the following:
/usr/sbin/apxs -c -i -l gss ./mod_auth_gss.c
/usr/lib64/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2
-g -pipe -Wall
Ido Levy [EMAIL PROTECTED] writes:
I am looking for a way to enable users to get access to their space through
the web browser.
I would like to integrate it with our Kerberized SSO environment as well.
I tried this module http://modauthkerb.sourceforge.net/ but I have
encountered some issues:
[EMAIL PROTECTED] (Mordur Ingolfsson) writes:
Morning,
I'm new to Kerberos. I wish to use Kerberos for password verification
on a cyrus imap installation. My problem is, that since we serve
multiple domains, the usernames are in the form [EMAIL PROTECTED]
Is it possible to create principals
[EMAIL PROTECTED] (Nod) writes:
Hello,
you don't have to use LDAP for the accounts service; you can
authenticate via Kerberos and then use the /etc/passwd
Regards,
Sebastian
Indeed, but I'm trying to avoid deploying updated passwd files to 100+
servers.
Sure, I haven't read the
[EMAIL PROTECTED] (Nod) writes:
Hello,
To elaborate just a bit: Kerberos allows the server to believe that it is
talking to a particular Kerberos principal, which is a point in a
namespace entirely separate from the account space of the host itself. The
decision of what, if any, local resources to