separate kdc to authenticate a single user

2011-06-02 Thread peter sands
Hi, Currently have kerberos running (MIT). All OK, but just found out that a web service currently running of one of our clients wants to use kerberos to authenticate against their own KDC server and not our default one. Do I just put in another entry in the realms section for their kdc, or do

Re: password expiration field set to none after password change

2010-10-14 Thread peter sands
thanks that works pete Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

password expiration field set to none after password change

2010-10-13 Thread peter sands
Is there a way to set the 'password expiration' field with modprinc (pwexpire) to be constant. Currently I've set it at 30 days. When this date is reached, the user changes their expiring password, which is all good. However the password expiration field is then reset to 'None': Password

what users have kerberos accounts

2010-07-20 Thread peter sands
Hello, Is there a way using kadmin to query the kdc what kerberos principal has an account on what host. I have many hosts that have been kerberos'd, but not all accounts are under kerberos, if that makes sense. Using kerberos 5 on aix. Thanks Pete.

force password change

2010-05-19 Thread peter sands
Hello, Is there a way to force a password change on a kerberos, A bit like a password expiry, so they get prompted to change their password. Thanks Pete.

moving kerberos master to new server

2009-10-23 Thread peter sands
Hello, Currently using kerberos 5. Soon I plan to migrate this server onto another hardware that will have a new hostname and IP, but same O/S level (aix). My first thoughts in doing this were to: Stop the master server, all clients will then go to the slave for authentication. Install the krb5

Re: ftp GSSAPI messages

2009-10-13 Thread peter sands
> Trace the ftp server and look for ENOENT errors.  I bet you'll find that > either the krb5.conf file or the krb5.keytab file are missing. > > Nico > -- Thanks, you're right I had the keytab but with wrong filename. Now I get another error : GSSAPI error major: Miscellaneous failure GSSAPI erro

ftp GSSAPI messages

2009-10-09 Thread peter sands
Hello, On our internal private servers I have just created some ftp principals, now when ftping to a host I get GSSAPI error messages, although I can connect to the host and I do get a (ftp) ticket. There are no errors on the kdc log, only messages about a connection, I have run the ftp in debug

automatically refreshing tickets for all users

2009-09-10 Thread peter sands
Hello, Starting to get the hang of this slowly. One question I have is, is there a way where user root can automatically refresh all tickets for users. Do not seem to be able to get around where kinit keeps prompting the user for their own password. thanks Pete.

Re: max life for a ticket

2009-09-10 Thread peter sands
> In MIT krb5, the limit appears to be 2^31-1 seconds, based on my reading > of the code. thanks Pete

max life for a ticket

2009-09-09 Thread peter sands
Hello, What is the maximum ticket life in days or hours you can supply with the max_life stanza in krb5.conf thanks Pete.