On Tue, Jul 31, 2007 at 01:54:58AM +, Faeandar wrote:
> The one is Solaris and Linux. Maybe Linux is 32, I don't know for
> sure.
> I hear that a system change on Solaris will allow for 32 but unless
> your NFS servers are Solaris you break NFS.
On FreeBSD you can adjust kern.ngroups (default
Howdy folks,
I'm looking for documentation on how to going about replicating my
existing MIT master KDC to a new Heimdal slave KDC. I've found
references in old Usenet posts that some sites have set their KDCs up
this way in order to make OpenAFS integration a bit easier (one of my
own reasons for
Howdy folks,
$ dsh -e -w athena uptime
athena: dsh: Internal error, aborting: No such file or directory
dsh is from the ClusterIt package, details at
http://www.garbled.net/clusterit.html, but it also occurs with regular
rsh:
$ rsh -x athena uptime
socket: protocol error or closed connection in
On Thu, Nov 18, 2004 at 08:59:41AM -0500, Eric Jonas wrote:
> I have deployed an MIT kerberos KDC in my lab, and am attempting to
> lengthen the ticket lifetime to a full day (this is using debian stable,
> kerberos version 1.2.4-5woody6).
>
> I've edited /etc/krb5kdc/kdc.conf to have max_life =
On Wed, Oct 06, 2004 at 12:07:23PM -0500, Kasundra, Digant wrote:
> I agree that the load is not an issue. But with out DNS round-robin,
> and without the load-balancer, we'd have to arbitrarily point our
> systems and services at one of the slaves. If that slave goes down,
> we'd have to scrambl
On Wed, Oct 06, 2004 at 09:59:06AM -0400, Ken Hornstein wrote:
> And let me echo the comments of others: we've run our Kerberos servers on
> the oldest, crappiest hardware we've had kicking around the dustbin (we
> upgrade it occasionally, but it's always to the latest "crappiest" system
> we've go
Howdy folks,
On 2 of my hosts my cross-realm trust seems to have fallen apart, from
other hosts it appears to be working.
My domain -> realm mapping is 1:1, i.e. a host resides in the realm with
the same name as it's domain (but upper-cased). The exception is the
sole ROSPA.CA host -- it's dual-h
On Thu, Aug 26, 2004 at 04:53:28PM -0600, Tillman Hodgson wrote:
> However, kadmind doesn't seem to want to start. The log file contains
> only:
>
> Aug 26 16:32:34 surya.seekingfire.prv kadmind[6458](info): Seeding random number
> generator
My mistake. NetBSD on a
On Thu, Aug 26, 2004 at 03:44:30PM -0600, Tillman Hodgson wrote:
> On Thu, Aug 26, 2004 at 04:34:00PM -0400, Sam Hartman wrote:
> > If not, you can swap around the bytes of the key length in your
> > favorite binary file editor.
>
> For anyone else digging throug
On Thu, Aug 26, 2004 at 04:34:00PM -0400, Sam Hartman wrote:
> The stash file is byte order dependent. This is painfully stupid, but
> none the less true.
At least it's fairly obvious -- my first guess as to the cause was
actually right ;-)
> If you know your master passwerd you can run kdb5_uti
Howdy,
I'm attempting to move an MIT krb5 database from an older Intel
(32-bit x86) machine running FreeBSD -current and krb5-1.3.4 to a
SparcStation 10 (32-bit Sparc) running NetBSD -current
mit-krb5-1.3.4nb1.
I believe that everything is working as far as the infrastructure is
concerned (boot s
On Fri, Jul 02, 2004 at 10:47:56AM -0400, Ken Hornstein wrote:
> >Expert: "You can't put your SSO in production, because Kerberos cross realm
> >authentication doesn't work!"
> >Me: "Is it an issues in Microsoft Kerberos?"
> >Expert: "No. The Kerberos protocol has been so poorly designed, that
> >c
On Fri, May 28, 2004 at 10:49:28PM +0800, sam wrote:
> here is my /etc/krb5.conf file:
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = ROCK.COM
>
> [realms]
> ROCK.COM = {
> kdc = kerberos.rock.com
> admin_server = kerberos.rock.com:749
> defau
On Wed, Apr 21, 2004 at 03:51:47PM +, Graham Turner wrote:
> Jeffrey, was trying to understand the discrepancy in the documentation from
> MIT web site as compared to the FreeBSD information which references
> /usr/local/lib
>
> have not attempted to create any 'non-default' structures in defe
Howdy folks,
I've run across a situation where a nice solution would involve using
~/.k5users rather than .k5login to limit remote rsh abilities. ~/.k5users
is a tool that I've read about but never used before.
It's always struck me as odd that .k5login has it's own man page while
.k5users is cov
On Mon, Dec 01, 2003 at 02:05:58PM +, Dennis Davis wrote:
> Kerberos IV code has been removed from the latest version of
> OpenBSD, OpenBSD3.4 which was released a month ago. Previous
> versions of OpenBSD included Kerberos IV code from:
>
> http://www.pdc.kth.se/kth-krb/
>
> But Kerberos V
On Mon, Oct 27, 2003 at 12:45:58PM -0700, Wachdorf, Daniel R wrote:
> Nope,
>
> I upgraded from 1.3.0 to 1.3.1 but that's it. The problem seems to be that
> the kadmin client doesn't want to check the /etc/krb5.conf file for
> supported tgs (ie des-cbc-crc).
It did indeed correct the problem
On Mon, Oct 27, 2003 at 01:25:20PM -0500, Sam Hartman wrote:
> Did you upgrade from 1.2.x to 1.3.1 between now and when things
> stopped working? If so, the default master key enctype for 1.3.1 is
> different from the enctype for 1.2.x. So you may need to explicitly
> specify the master key encty
Howdy folks,
I'm running an MIT KDC for two small realms (a few dozen principals
each) on FreeBSD 4-STABLE for i386. I haven't tried to manipulate any
principals via the kadmin interface ia a while (probably two weeks), and
when I tried it recently I ran across an unusual problem: kadmind wasn't
r
On Wed, Sep 18, 2002 at 08:02:24AM -0400, Josh Huber wrote:
> Tillman Hodgson <[EMAIL PROTECTED]> writes:
>
> > Are there any issues with reverse-NATing Kerberos (port 88 UDP)
> > connections from the Internet to an internal Kerberos server? For
> > example, is
Howdy,
Are there any issues with reverse-NATing Kerberos (port 88 UDP)
connections from the Internet to an internal Kerberos server? For
example, is the source IP address embedded into the packet and thus
would cause NATing problems?
- Tillman Hodgson
--
When an ordinary man attains knowledge
Howdy,
I'm using the MIT Kerberos package as distributed with RedHat Linxu 7.3
on a workstation and I have a Heimdal KDC on FreeBSD 4.6. I'm able to
successfully kinit, klist and destroy from the RedHat workstation,
though I can't use any "real" client apps as I haven't been able to
extract my ho
22 matches
Mail list logo