Hello Kerberos Consortium,
I'm looking for some assistance finding some Kerberos expertise on a large
defense contractor project that my company is working on. Any chance you could
point me to some resources for Kerberos consulting and implementation services?
Thanks!
Steve Rendall
Senior
these days. There is a keyring
cache in the kernel. I think that's what you need.
Cheers,
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On Mon, 2014-09-15 at 09:44 +0100, moritz.will...@ubs.com wrote:
Wendy,
rpc.gssd on Linux looks in /tmp for files which start with krb5cc. The
location where rpc.gssd is looking can be overridden with the -d option.
Hi
On systemd they're not under /tmp but default to /run/user instead.
Could
On Fri, 2014-09-12 at 22:08 +0200, Lars Hanke wrote:
Am 12.09.2014 21:14, schrieb steve:
DNS? Is the 386 client pointing _only_ at the Samba4 DC?
The 386 client points to the AD DNS.
Does Samba4 DC == AD DNS?
Guessing: You don't want to use any domain services on the 386 client.
You
On Fri, 2014-09-12 at 20:41 +0200, Dr. Lars Hanke wrote:
Am 12.09.2014 19:15, schrieb steve:
On Fri, 2014-09-12 at 18:59 +0200, Lars Hanke wrote:
I'm currently migrating from a MIT Kerberos + LDAP infrastructure to a
samba4 design. I set up test clients, which can connect to either
server
Hi
We have a Samba4 domain with some Linux clients joined under DHCP. We
are updating their DNS records via the nsupdate facility in SSSD. All is
fine, but the worrying issue is that the machines still function even
with the wrong rr registered in dns. Is this correct behaviour?
Thanks,
Steve
On Sat, 2014-06-07 at 14:31 +, Brandon Allbery wrote:
On Sat, 2014-06-07 at 16:13 +0200, steve wrote:
We have a Samba4 domain with some Linux clients joined under DHCP. We
are updating their DNS records via the nsupdate facility in SSSD. All is
fine, but the worrying issue
on the clients with at least Domain = mydomain in
idmapd.conf, the files and directories in my mounted exports are all
owned by nobody.nogroup. How do you prevent that?
Hi
Confirmed. rpc.idmapd has to be running at both ends. Maybe there are
other ways to do the upcalls?
Cheers,
Steve
On Wed, 2014-04-30 at 15:05 -0400, Tom Yu wrote:
A previous version of this announcement had inconsistent times listed
for this teleconference.
OMG. Inconsistent times? On the Kerberos list? Brilliant!
Kerberos mailing list
On Sat, 2014-03-29 at 21:33 +0100, Wendy Lin wrote:
On 29 March 2014 16:07, steve st...@steve-ss.com wrote:
On Sat, 2014-03-29 at 14:01 +0100, Wendy Lin wrote:
login: pam_krb5[3808]: user 'root' was not authenticated by pam_krb5,
returning User not known to the underlying authentication
On Sat, 2014-03-29 at 14:01 +0100, Wendy Lin wrote:
login: pam_krb5[3808]: user 'root' was not authenticated by pam_krb5,
returning User not known to the underlying authentication module
Hi
Can root get a ticket?
kinit -k root -t /etc/krb5.keytab
which you are working.
HTH
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
? It is not only you
who must authenticate, but also the machine upon which you are working.
Hi Steve,
you're right, it does *not* use the default keytab but it uses the
default machine principal. The extra keytab I am using is a functional
account in our Active Directory
On Thu, 2014-03-20 at 00:52 +0100, Wendy Lin wrote:
On 20 March 2014 00:04, Wendy Lin wendlin1...@gmail.com wrote:
On 19 March 2014 23:36, steve st...@steve-ss.com wrote:
On Wed, 2014-03-19 at 23:16 +0100, Wendy Lin wrote:
On 19 March 2014 14:11, steve st...@steve-ss.com wrote:
On Wed
. Is
there any chance you can upgrade?
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On Thu, 2014-03-20 at 13:05 +0100, Wendy Lin wrote:
On 20 March 2014 11:03, steve st...@steve-ss.com wrote:
On Thu, 2014-03-20 at 00:52 +0100, Wendy Lin wrote:
I tried permitted_enctypes = des-cbc-crc des3-cbc-sha1 but this only
gives me a new kind of (its mocking me?!) error message
On Thu, 2014-03-20 at 09:16 -0400, Simo Sorce wrote:
On Thu, 2014-03-20 at 13:05 +0100, Wendy Lin wrote:
Doable, but it will take months to migrate. What do not understand is
that no one, say Linus or friends, *test* their stuff it it is really
interoperable with the rest of the world. It
On Thu, 2014-03-20 at 23:01 +0100, Wendy Lin wrote:
I have this in my Suse 11.3 /etc/krb.conf for libdefaults:
allow_weak_crypto = true
# permitted_enctypes = des-cbc-crc arcfour-hmac des3-cbc-sha1
aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96
permitted_enctypes =
On Wed, 2014-03-19 at 00:09 +0100, Wendy Lin wrote:
On 18 March 2014 23:54, steve st...@steve-ss.com wrote:
On Tue, 2014-03-18 at 23:20 +0100, Wendy Lin wrote:
Asking here to make sure I got the mechanism right:
I created the principal nfs/china.mytest@test1.mytest.org on the
KDC
On Wed, 2014-03-19 at 13:32 +0100, Wendy Lin wrote:
On 19 March 2014 09:55, steve st...@steve-ss.com wrote:
On Wed, 2014-03-19 at 00:09 +0100, Wendy Lin wrote:
On 18 March 2014 23:54, steve st...@steve-ss.com wrote:
On Tue, 2014-03-18 at 23:20 +0100, Wendy Lin wrote:
Asking here to make
On Wed, 2014-03-19 at 23:16 +0100, Wendy Lin wrote:
On 19 March 2014 14:11, steve st...@steve-ss.com wrote:
On Wed, 2014-03-19 at 13:32 +0100, Wendy Lin wrote:
On 19 March 2014 09:55, steve st...@steve-ss.com wrote:
On Wed, 2014-03-19 at 00:09 +0100, Wendy Lin wrote:
On 18 March 2014 23
expired? Confused.
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
the CHINA$ key, so you can mount using that. The nfs server keytab
should have both the nfs servivce and machine keys.
There are many misunderstandings about kerberized nfs:
http://linuxcostablanca.blogspot.com.es/2012/02/nfsv4-myths-and-legends.html
HTH
Steve
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On Fri, 2014-03-14 at 12:22 +0100, ольга крыжановская wrote:
Does Kerberos have a way to show me the data in /etc/krb5.keytab in ASCII
form?
Olga
Hi
We use:
klist -ket /etc/krb5.keytab
Do you want the content of keys themselves?
HTH
Steve
upgrade scripts
available: samba-tool domain classicupgrade --help
HTH/encourages,
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
have to keep a domain
alive. Every day. We are scared to death of Kerberos. -K works an
absolute treat. We understand it. Could you please retain it? If you
must make a change then could it be an addition? We'd suggest -J. If you
already have -J then just choose another letter. Easy.
Cheers,
Steve
On Thu, 2014-01-16 at 09:48 -0800, Russ Allbery wrote:
steve st...@steve-ss.com writes:
On Wed, 2014-01-15 at 18:51 -0800, Russ Allbery wrote:
It's also sort of weird and complex, and people struggle to understand it.
I'm therefore considering changing the next release to always acquire
On Sun, 2013-10-06 at 12:37 -0400, Greg Hudson wrote:
On 10/06/2013 06:18 AM, steve wrote:
Thanks. It works fine. Just a pity that something like this had to
change. It worked fine when the cache was create in /tmp.
The upstream default is still /tmp/krb5cc_%{uid}. In 1.11 we added
On Sat, 2013-10-05 at 13:10 -0400, Daniel Kahn Gillmor wrote:
On 10/05/2013 12:59 PM, steve wrote:
When trying to get Kerberos tickets, we get an error that the directory
does not exist e.g.
as root:
kinit Administrator
kinit: Credential cache directory /run/user/0/krb5cc does
in?
Thanks,
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
to be there.
Only the server must have the nfs/ service key.
HTH,
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
/REALM principal in the default keytab is the nfs server:
http://linuxcostablanca.blogspot.com.es/2012/02/nfsv4-myths-and-legends.html
For Nfs4 clients, the host/REALM or client machine key are all that is
required.
HTH
Steve
Kerberos mailing list
On 02/05/13 06:45, Benjamin Kaduk wrote:
On Wed, 1 May 2013, steve wrote:
openSUSE 12.3 with Samba 4.0 KDC
Hi
Our Linux clients need a root cache available for cifs mounts. I have a
machine key available on all clients. I've put:
kinit -k -t /etc/krb5.keytab MACHINE$
in /etc/init.d
and then refresh it via cron.hourly)
Cheers,
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On 04/19/2013 11:34 AM, Rasanth Akali Kandoth wrote:
Hi All,
is it required that, for a linux client application to get tickets from
windows AD, the linux box have to join the windows domain ?
Hi
No. You can kinit from a Linux client just fine.
On 04/12/2013 10:00 PM, Russ Allbery wrote:
steve st...@steve-ss.com writes:
Thanks. pam_krb5 works fine. on openSUSE 12.3 the cache is created
automatically upon login. On Ubuntu it isn't. We have to cater for both
distros at the moment. Any Ubuntu krb5 users?
Yes, lots.
Sounds like you
/anyname@REALM
nfs/anyname@REALM
host/anyname@REALM
HTH
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On 27/08/12 20:59, Derek Warren wrote:
Thank you for the insightful responses, Russ, Nico and Steve.
On 2012-08-27, at 10:59 AM, st...@steve-ss.com wrote:
For us, nfs4 with a Samba4 AD, gssd fails when it can't find e.g. a
machine key in (by default) /etc/krb5.keytab
Thank you, Steve. My
On 22/08/12 19:04, Darek M wrote:
On Mon, Aug 20, 2012 at 12:09 PM, steve st...@steve-ss.com wrote:
Hi
I don't know whether caching is the clue here but we ditched nss-ldap in
favour of nss-pam-ldapd. It's faster all around and has a good caching
system, nslcd. The switchover from one
here but we ditched nss-ldap in
favour of nss-pam-ldapd. It's faster all around and has a good caching
system, nslcd. The switchover from one to the other is really easy and
may be worth a try.
Cheers,
Steve
Kerberos mailing list
denied
when the share is mounted krb5, even with the no_root_squash
Cheers,
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On 15/08/12 17:27, Alexander Luedtke wrote:
Hi Steve,
no, thats becouse u need a ticket to get into the user directory.
even if u make an su - username as root, u wont get into his
homedirectory without the right user ticket - that what it is designded
for, to
protect the userdirectories
is deleted or disabled. But if the client
needs to do a renew request from time to time, the KDC might not issue
new tickets if the client is deleted or disabled.
Hi
For long logons we use k5start. It renews tickets at given time intervals.
Cheers,
Steve
key.
It's OK, but maybe you guys could point out any security risks and/or
suggest a better method.
Cheers,
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
an old cache not destroyed.
Is there and easy way to do this?
Cheers,
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
ads add cifs -U. . .
On Linux, net is in the samba-client package.
Cheers,
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
-sha1, arcfour-hmac-md5, using
arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable-ok
HTH,
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On 04/02/12 16:43, Mantas M. wrote:
On Fri, Feb 03, 2012 at 04:40:16PM +0100, steve wrote:
OK
I've now seen that the xscreensaver shipped with openSUSE 12.1 does not
support Krb5. Fine.
This shouldn't make any difference if PAM is being used -- xscreensaver just
calls pam_krb5 in that case
On 02/01/2012 06:46 PM, steve wrote:
This is my first post here so hi everyone.
We have a Lan of Linux and win 7 boxes under a Samba 4 pdc. On Linux,
our Kerberos password does not unlock xscreensaver. We get
'Authentication failed'.
openSUSE 12.1. a few files:
/etc/krb5.conf
?
Thanks,
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Maybe you should try reading the extensive documentation first.
On Sep 7, 2010 9:54 AM, rajeev mundarinti rajeevmundari...@gmail.com
wrote:
Hello sir,
My name is Rajeev presuing M.Tech in NMAMIT ,NITTE, KARNATAKA,
INDIA.
I am doing my 1 year project in network security by using
KERBEROS
.
Has anyone seen this behavior before?
Thanks,
--
Steve Glasser
sgla9...@gmail.com
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
technique.
Thanks,
--
Steve Glasser
sgla9...@gmail.com
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
,
so to do date math for dates going back into last year is awkward at
best. So...
a) can I configure Kerberos to log month day year?
b) is there a better way to do this audit?
Thanks,
--
Steve Glasser
sgla9...@gmail.com
Kerberos mailing list
provide
some clues to where I can research. I reviewed the environment and it
looks like all the krb5.ini environment variables are the same.
Thanks for the help in advance.
Steve
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu
attempts?
Thanks,
--
Steve Glasser
sgla9...@gmail.com
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
it having ever been fixed in redhat
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339734
Setting
PasswordAuthentication yes
does work, at least in our environment.
If anyone has any further information on this we'd appreciate it.
Cheers,
Steve
On Wed, Nov 11, 2009 at 11:28 PM, Jeffrey Watts
the client and server for clues. Please post
any errors.
If you are following the sited howto, I assume you did test Kerberos
authentication separately and it is working, right?
Cheers,
Steve
On Wed, Nov 11, 2009 at 7:33 AM, Ryan Lynch ryan.b.ly...@gmail.com wrote:
On Wed, Nov 11, 2009 at 04:46, Braden
and you should be ok.
I usually don't start kadmin right away so no one can reset their
passwords until I am sure that I am going to leave it up.
Actual down time is usually 30 minutes or less.
/sd
Steve Devine
Email Storage
Academic Technology Services
Michigan State University
313 Computer
.
Cheers
--
Steve Glasser
sgla9...@gmail.com
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
interface.
Is this so or no?
Lots of Googling have so far revealed nothing.
/sd
Steve Devine
Email Storage
Academic Technology Services
Michigan State University
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo
Quoting Ken Raeburn raeb...@mit.edu:
On Jun 7, 2009, at 07:48, Steve Devine wrote:
Everything works fine and in theory I see no harm but still it seems wrong.
It seems like I ought to be able to disable listening on the backnet
interface.
Is this so or no?
At present there is no way
On Apr 13, 2:57 pm, Tom Yu t...@mit.edu wrote:
Steve Devine devine.st...@gmail.com writes:
Seems both of these patches expect the src tree to start with a or b
IE:
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/
spnego/spnego_mech.c
What am I missing
Seems both of these patches expect the src tree to start with a or b
IE:
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/
spnego/spnego_mech.c
What am I missing? Is this for a diff dist?
/sd
Kerberos mailing list
I have memory leak in the function call gss_krb5_ccache_name.
I am using kfw-3-2-2-final on win32.
It is a multi-threaded application and I am using the api as followed.
major_status =gss_krb5_ccache_name(minor_status,krb5-
ccache_name, NULL);
:
major_status =
On Dec 10, 10:11 am, Jeff Blaine [EMAIL PROTECTED] wrote:
...
Key: vno 5, DES cbc mode with CRC-32, AFS version 3
...
^
Have you tried using other salt types?
-Marcus Watts
I'm afraid I don't have
On Dec 7, 3:59 pm, Jeff Blaine [EMAIL PROTECTED] wrote:
What am I doing wrong this time?
-bash-2.05b# /usr/kerberos/bin/kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:
kinit(v5): Password incorrect while getting initial credentials
-bash-2.05b#
-bash-2.05b# rpm -qa |
On Nov 27, 5:25 am, Juri Dakua [EMAIL PROTECTED] wrote:
Hello all,
I am trying to configure a master KDC and a slave KDC. I am facing the
following problem while trying to do so. It will be of great help if
someone can kindly suggest me some solution.
When I try to propagate the database
don't intend to
remove any enctypes just add them.
Should I add anything else while I am at it? We are striving towards
Microsoft Compatibility.
Thanks
Steve Devine
MSU
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman
Hello,
I have been requested to build a web app for my medium sized organization
that currently have Kerberos 5 running on the network. The webapp will
require non-technical users to be able to log on remotely through a web
browser (IE only is fine but there must not be any other client programs
/Kerberos/dialogue.html
--
Steve Feehan
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
We are testing out some new policies. (MIT Kerberos5 1.4.3)
We have found that a privileged principal ROOT/[EMAIL PROTECTED]
cannot overrule the password history policy on a standard principle but
it can/does ignore the password minimum life.
Is this a feature or a bug?
PROTECTED] sbin]#
If you know about how to resolve it as to login by using krlogin with
Kerberos ,please let me know.
Thks.
Best regards
Steve zhang
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo
Please can you tell what jar file the following class is in
com.sun.security.auth.module.Krb5LoginModule
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 12 September 2005 17:02
To: kerberos@mit.edu
Subject: Kerberos Digest, Vol 33, Issue 10
Send Kerberos
Dear Kerberos,
I have been asked if my java (jsp/servlets/beans) application could get the
current user's id by using Kerberos tickets. If you could give me any advice
I would be very grateful.
Thanks Steve
Kerberos mailing list
configuration, are there any other limiting factors?
-- Steve.
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
I'm setting a multi-realm (Windows/Unix) environment. I think I've got
it all figured out except for one thing.
How does the Windows KDC know that mymachine.unixnet.mycompany.com is in
the realm UNIXNET.MYCOMPANY.COM? In the MIT implementation, client would
have done this using [domain_realm]
on their Win2000 systems. Thanks. Steve Hauser
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
virus snipped
And I would've gotten away with it, too, if it wasn't for those meddling
kids!
--
Steve Langasek
postmodern programmer
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
on it uses NetBSD.
--
Steve Langasek
postmodern programmer
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
changes to CVS HEAD that I
haven't tested on Heimdal, so I may have ruined that again ;).
--
Steve Langasek
postmodern programmer
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
header files, so it's something of a bear to
build. (There's really no way around this, since those are the only
header files that let it connect to the MIT admin server in order to
create principals.)
ftp://ftp.netexpress.net/pub/pam/pam_krb5_migrate.tgz
Cheers,
--
Steve Langasek
postmodern
passwords stash them in a file. Pure kerberos won't allow that to
happen, since hosts never receive the user's password.
Right.
--
Steve Langasek
postmodern programmer
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu
On Tue, Jul 29, 2003 at 12:23:49PM +0200, Jerome Walter wrote:
Hi. This is a known problem with the 1.2 version of krb5 that is
fixed in the 1.3 release.
Too bad for people out of US, that do not have 1.3 available yet.
http://http.us.debian.org/debian/pool/main/k/krb5/
--
Steve
On Wed, Jul 30, 2003 at 11:30:57AM -0300, Andreas wrote:
On Wed, Jul 30, 2003 at 09:10:56AM -0500, Steve Langasek wrote:
On Tue, Jul 29, 2003 at 12:23:49PM +0200, Jerome Walter wrote:
Hi. This is a known problem with the 1.2 version of krb5 that is
fixed in the 1.3 release
, you would add that principal to
root's .k5login file; acquire a TGT for that user; and run
'ssh [EMAIL PROTECTED]' or 'ssh -l root server'. This will grant you
Kerberos-based access to the root account.
--
Steve Langasek
postmodern programmer
that they already have the tickets they need. :-) A Kerberized ssh
client is still a must here, of course. My own deployments have involved
ssh with the gssapi patches, plus pam_krb5 for backwards-compatible
password auth.
--
Steve Langasek
postmodern programmer
'dns_lookup_kdc' nor 'dns_lookup_realm' says anything about using DNS to
look up the admin server. The last, AFAIK, has not yet been implemented.
--
Steve Langasek
postmodern programmer
Kerberos mailing list [EMAIL PROTECTED]
https
)
:) Just to comment, it sounds like your pop server has buggy PAM support.
It's calling the PAM function that's writing out the ccache, but not
calling the corresponding function to remove it (I'm assuming Solaris's
pam_krb5 *does* implement this) when the session is over.
--
Steve Langasek
action! If you want to win, you need the right
information. Just think about what you can do if you win big!
My name is Steve "Black Eye" Hawks and I run
one of the premier sports handicapping services in the country. I am personally
writing to you because I understand you like to
the Kerberos API to the weakly-typed
PHP.
--
Steve Langasek
postmodern programmer
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
then resolve the KDC addresses using
DNS.
An alternate approach would be for the client to issue queries exclusively
using LDAP, and this is probably more scalable than depending on a WINS
server. I believe the legacy NetBIOS domain is listed somewhere in LDAP,
but I don't recall where.
--
Steve
of the firewall is set by my ISP
using DHCP.
Is it possible to add this computer to my realm and if so what name do I
use?
Thanks,
Steve.
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
-proxy
approach to Kerberos like pam_krb5?
Steve Langasek
postmodern programmer
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
support encryption. I'm using SASL-enabled LDAP with GSSAPI
authentication, and the data stream is automatically encrypted with
certain LDAP clients.
Steve Langasek
postmodern programmer
Kerberos mailing list [EMAIL PROTECTED]
http
When I call the kprop command, do I have to pass in the slave's host name? I've tried passing in the slave's IP but that doesn't work.
Thanks for the help in advance.
SteveDo you Yahoo!?
Faith Hill - Exclusive Performances, Videos, & more
faith.yahoo.com
: modify_principal -requires_preauth host/majorskan.MYDOMAIN.TLD
HTH,
Steve Harper
University of Utah
On Thu, 26 Sep 2002, Turbo Fredriksson wrote:
'a local or AD account'. I don't have AD, but I _DO_ have a local
account.
The keytab on the KDC. I got the error
- s n i p -
Sep 26 08
Yes, this is the 60 page POS that the original posting was about.
--
Steve.
On Mon, 23 Sep 2002, John Rudd wrote:
I don't know if this one was mentioned yet, but there's also
Kerberos: A Network Authentication System by Brian Tung (addison
wesley)
It's more of a booklet than a book
determines who they are
(authentication).
Steve Langasek
postmodern programmer
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
1 - 100 of 119 matches
Mail list logo