On 30 September 2014 18:32, ronnie sahlberg wrote:
> On Tue, Sep 30, 2014 at 9:17 AM, Wendy Lin wrote:
>> On 30 September 2014 17:55, ronnie sahlberg wrote:
>>> On Tue, Sep 30, 2014 at 8:25 AM, Wendy Lin wrote:
>>>> On 30 September 2014 15:25,
On 30 September 2014 17:55, ronnie sahlberg wrote:
> On Tue, Sep 30, 2014 at 8:25 AM, Wendy Lin wrote:
>> On 30 September 2014 15:25, Rick van Rein wrote:
>>> Hi,
>>>
>>>>>> Does Kerberos5 have a ticket to ascii converter so someone can see
On 30 September 2014 15:25, Rick van Rein wrote:
> Hi,
>
Does Kerberos5 have a ticket to ascii converter so someone can see
what a ticket looks like in plain text?
>>>
>>> You might use any ASN.1 parser to see the structure, without it actually
>>> being spelled out in terms of the Kerb
On 30 September 2014 15:06, Rick van Rein wrote:
> Hi,
>
>> Does Kerberos5 have a ticket to ascii converter so someone can see
>> what a ticket looks like in plain text?
>
> You might use any ASN.1 parser to see the structure, without it actually
> being spelled out in terms of the Kerberos field
Does Kerberos5 have a ticket to ascii converter so someone can see
what a ticket looks like in plain text?
Wendy
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On 14 September 2014 23:46, Frank Cusack wrote:
> On Fri, Sep 12, 2014 at 8:53 AM, Wendy Lin wrote:
>> How does the NFS client (say, Linux and AIX) find a user's krb5 tickets
>> in the filesystem? Does /sbin/mount forward the ticket to rpc.gssd?
>>
> There's a so-cal
How do the tickets remember the KDC? Do they use IP address, the
hostname? Do they remember the protocol (UDP, TCP) and the port
number, too?
Wendy
On 27 April 2014 17:53, Greg Hudson wrote:
> On 04/25/2014 09:35 AM, Wendy Lin wrote:
>> Does Kerberos5 have the ability to store user-defined attributes
>> somewhere and distribute them to the Kerberos5 clients?
>
> Short answer: not really, and that's more of a j
How does the NFS client (say, Linux and AIX) find a user's krb5 tickets
in the filesystem? Does /sbin/mount forward the ticket to rpc.gssd?
Wendy
Does Kerberos5 have the ability to store user-defined attributes
somewhere and distribute them to the Kerberos5 clients?
Wendy
This question is offtopic but related to my other problems with pam_krb5.so:
How can I tell Suse's yast to NOT run pam-config each time a software
update is done? It destroys my custom /etc/pam.d/common-auth settings.
Wendy
On 4 April 2014 18:54, Brandon Allbery wrote:
> On Fri, 2014-04-04 at 18:43 +0200, Wendy Lin wrote:
>> On 4 April 2014 18:29, Brandon Allbery wrote:
>> > On Fri, 2014-04-04 at 18:21 +0200, Wendy Lin wrote:
>> >> On 24 March 2014 11:31, Wendy Lin wrote:
>>
On 4 April 2014 18:29, Brandon Allbery wrote:
> On Fri, 2014-04-04 at 18:21 +0200, Wendy Lin wrote:
>> On 24 March 2014 11:31, Wendy Lin wrote:
>> Of course, I do not know why this suddenly works. Can someone explain
>> this? Why didn't it work when pam_unix came fi
On 24 March 2014 11:31, Wendy Lin wrote:
> I am trying to allow user root (uid=0) to be authenticated via
> Kerberos5 at login time, too, but if I do I get a "User not known to
> the underlying authentication module" error and login is refused.
>
> OS is Suse 13.1
>
On 1 April 2014 10:29, Predrag Zecevic [Unix Systems Administrator]
wrote:
> On 04/ 1/14 10:16 AM, Wendy Lin wrote:
>> On 18 March 2014 22:11, Wendy Lin wrote:
>>> Can anyone explain this pam error to me? I have configured a machine
>>> (192.168.2.105) as Kerberos5 c
On 31 March 2014 22:44, Nalin Dahyabhai wrote:
> On Sat, Mar 29, 2014 at 02:01:07PM +0100, Wendy Lin wrote:
>> On 27 March 2014 18:12, Wendy Lin wrote:
>> > On 24 March 2014 11:58, Predrag Zecevic [Unix Systems Administrator]
>> > wrote:
>> >> On 03/24/14
On 18 March 2014 22:11, Wendy Lin wrote:
> Can anyone explain this pam error to me? I have configured a machine
> (192.168.2.105) as Kerberos5 client on Suse 12.3 via yast talking to
> the kdc at 192.168.2.98 and now get this error on the client if I try
> to log in via ssh:
>
>
On 29 March 2014 21:44, Russ Allbery wrote:
> Wendy Lin writes:
>
>> I turned on pam_krb5 debugging and received this in /var/log/messages:
>
>> pam_krb5[3808]: user 'root' was not authenticated by pam_krb5,
>> returning "User not known to the underl
On 29 March 2014 16:07, steve wrote:
> On Sat, 2014-03-29 at 14:01 +0100, Wendy Lin wrote:
>
>> login: pam_krb5[3808]: user 'root' was not authenticated by pam_krb5,
>> returning "User not known to the underlying authentication module"
>
> Hi
> Can
On 27 March 2014 18:12, Wendy Lin wrote:
> On 24 March 2014 11:58, Predrag Zecevic [Unix Systems Administrator]
> wrote:
>> On 03/24/14 11:31 AM, Wendy Lin wrote:
>>> I am trying to allow user root (uid=0) to be authenticated via
>>> Kerberos5 at login time, too,
On 27 March 2014 18:50, Russ Allbery wrote:
> Wendy Lin writes:
>
>> Where is the pam config which controls whether pam_krb5 is not called
>> for user root?
>
> On Debian and Ubuntu, it's this part at the top of /etc/pam.d/su:
>
> # This allows root to su
On 27 March 2014 18:37, Russ Allbery wrote:
> Wendy Lin writes:
>
>> Does anyone have a good idea why pam_krb5 does not appear to be called
>> for su - root while exec login root calls pam_krb5?
>
> Check /etc/pam.d/su and see if su has special rules that cause it to
>
Does anyone have a good idea why pam_krb5 does not appear to be called
for su - root while exec login root calls pam_krb5?
Wendy
On 24 March 2014 11:58, Predrag Zecevic [Unix Systems Administrator]
wrote:
> On 03/24/14 11:31 AM, Wendy Lin wrote:
>> I am trying to allow user root (uid=0) to be authenticated via
>> Kerberos5 at login time, too, but if I do I get a "User not known to
>> the underl
I am trying to allow user root (uid=0) to be authenticated via
Kerberos5 at login time, too, but if I do I get a "User not known to
the underlying authentication module" error and login is refused.
OS is Suse 13.1
pam config is:
grep -r krb5 /etc/pam.d/
/etc/pam.d/common-password-pc:password suf
I have this in my Suse 11.3 /etc/krb.conf for libdefaults:
allow_weak_crypto = true
# permitted_enctypes = "des-cbc-crc arcfour-hmac des3-cbc-sha1
aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96"
permitted_enctypes = "des-cbc-crc"
Now if I try to kinit I get this error:
kin
On 20 March 2014 15:23, Simo Sorce wrote:
> On Thu, 2014-03-20 at 14:48 +0100, ольга крыжановская wrote:
>> Can any one confirm, or deny, that using only
>>
>> permitted_enctypes = "des-cbc-crc"
>>
>> will work around the problem?
>
> In older kernels the only encryption algorithm supported for NF
On 20 March 2014 11:03, steve wrote:
> On Thu, 2014-03-20 at 00:52 +0100, Wendy Lin wrote:
>>
>> I tried permitted_enctypes = "des-cbc-crc des3-cbc-sha1" but this only
>> gives me a new kind of (it's mocking me?!) error message in
>> /var/log/messages
On 20 March 2014 00:04, Wendy Lin wrote:
> On 19 March 2014 23:36, steve wrote:
>> On Wed, 2014-03-19 at 23:16 +0100, Wendy Lin wrote:
>>> On 19 March 2014 14:11, steve wrote:
>>> > On Wed, 2014-03-19 at 13:32 +0100, Wendy Lin wrote:
>>> >> On 19 Ma
On 19 March 2014 23:36, steve wrote:
> On Wed, 2014-03-19 at 23:16 +0100, Wendy Lin wrote:
>> On 19 March 2014 14:11, steve wrote:
>> > On Wed, 2014-03-19 at 13:32 +0100, Wendy Lin wrote:
>> >> On 19 March 2014 09:55, steve wrote:
>> >> > On We
On 19 March 2014 14:11, steve wrote:
> On Wed, 2014-03-19 at 13:32 +0100, Wendy Lin wrote:
>> On 19 March 2014 09:55, steve wrote:
>> > On Wed, 2014-03-19 at 00:09 +0100, Wendy Lin wrote:
>> >> On 18 March 2014 23:54, steve wrote:
>> >> > On Tu
On 19 March 2014 09:55, steve wrote:
> On Wed, 2014-03-19 at 00:09 +0100, Wendy Lin wrote:
>> On 18 March 2014 23:54, steve wrote:
>> > On Tue, 2014-03-18 at 23:20 +0100, Wendy Lin wrote:
>> >> Asking here to make sure I got the mechanism right:
>>
On 18 March 2014 23:54, steve wrote:
> On Tue, 2014-03-18 at 23:20 +0100, Wendy Lin wrote:
>> Asking here to make sure I got the mechanism right:
>>
>> I created the principal nfs/china.mytest@test1.mytest.org on the
>> KDC machine so that NFSv4 client china.m
Asking here to make sure I got the mechanism right:
I created the principal nfs/china.mytest@test1.mytest.org on the
KDC machine so that NFSv4 client china.mytest.org can mount a NFSv4
filesystem.
How does the client china.mytest.org now get the keys?
Wendy
Can anyone explain this pam error to me? I have configured a machine
(192.168.2.105) as Kerberos5 client on Suse 12.3 via yast talking to
the kdc at 192.168.2.98 and now get this error on the client if I try
to log in via ssh:
2014-03-18T22:04:20.877103+01:00 susevm001 sshd[2567]: error: PAM:
User
On 18 March 2014 15:09, Tomas Kuthan wrote:
> On 03/18/14 03:00 PM, Wendy Lin wrote:
>>
>> On 18 March 2014 13:54, Tomas Kuthan wrote:
>>>
>>> Hi Wendy,
>>>
>>> (I can only comment on Solaris)
>>>
>>> I suppose, you are r
On 18 March 2014 13:54, Tomas Kuthan wrote:
> Hi Wendy,
>
> (I can only comment on Solaris)
>
> I suppose, you are referring to automatic renewal of tickets by
> ktkt_warnd. ktkt_warn service is enabled by default, but there are
> upgrade scenarios, where you can end up with ktkt_warn disabled. Run
Forwarding it here. What is the default Kerberos5 behaviour? I log in
with pam_krb or kinit, but the tickets for nfs/ are not renewed. Why?
Wendy
-- Forwarded message --
From: Wendy Lin
Date: 18 March 2014 11:05
Subject: Kerberos5 ticket auto renewal
To: "d
38 matches