Ping

2003-02-06 Thread Clint Chaplin
Test Clint (JOATMON) Chaplin Maurice Wilkes recalls in his memoirs, "By June 1949, people had begun to realize that it was not so easy to get a program right as had at one time appeared. I well remember when this realization first came on me with full force. The EDSAC was on the top floor o

ping for kdc utility?

2014-04-02 Thread Wang Shouhua
Is there such a utility which can issue a "ping" (null command) to the kdc to see if it is still responding? Wang -- Wang Shouhua - shouh...@gmail.com 中华人民共和国科学技术部 - HTTP://WWW.MOST.GOV.CN Kerberos mailing list Kerberos@mit

Re: ping for kdc utility?

2014-04-02 Thread Benjamin Kaduk
On Wed, 2 Apr 2014, Wang Shouhua wrote: > Is there such a utility which can issue a "ping" (null command) to > the kdc to see if it is still responding? I'm not aware of a dedicated utility. However, the KDC is basically a stateless UDP service, so recording a live tran

Re: ping for kdc utility?

2014-04-02 Thread Wang Shouhua
On 2 April 2014 21:46, Benjamin Kaduk wrote: > On Wed, 2 Apr 2014, Wang Shouhua wrote: > >> Is there such a utility which can issue a "ping" (null command) to >> the kdc to see if it is still responding? > > > I'm not aware of a dedicated utility. Howev

Re: ping for kdc utility?

2014-04-02 Thread Chris Hecker
I use kadm5_get_privs as a ping for an admin perl script, see this thread: http://mailman.mit.edu/pipermail/kerberos/2012-February/017811.html Chris On 2014-04-02 12:46, Benjamin Kaduk wrote: > On Wed, 2 Apr 2014, Wang Shouhua wrote: > >> Is there such a utility which can i

Re: ping for kdc utility?

2014-04-02 Thread Tom Yu
Wang Shouhua writes: > On 2 April 2014 21:46, Benjamin Kaduk wrote: >> On Wed, 2 Apr 2014, Wang Shouhua wrote: >> >>> Is there such a utility which can issue a "ping" (null command) to >>> the kdc to see if it is still responding? >> >>

Re: ping for kdc utility?

2014-04-02 Thread Brandon Allbery
On Wed, 2014-04-02 at 12:57 -0700, Chris Hecker wrote: > I use kadm5_get_privs as a ping for an admin perl script, see this thread: > > http://mailman.mit.edu/pipermail/kerberos/2012-February/017811.html That does not test the KDC, it tests kadmind. -- brandon s allb

Re: ping for kdc utility?

2014-04-02 Thread Wang Shouhua
On 2 April 2014 22:01, Tom Yu wrote: > Wang Shouhua writes: > >> On 2 April 2014 21:46, Benjamin Kaduk wrote: >>> On Wed, 2 Apr 2014, Wang Shouhua wrote: >>> >>>> Is there such a utility which can issue a "ping" (null command) to >>>

Re: ping for kdc utility?

2014-04-02 Thread Russ Allbery
Wang Shouhua writes: > To see if the KDC is still 'alive and kicking'. Apparently some > students-as-admins here spend the night trying to find a problem in our > Kerberos setup the whole night and they are very exhausted. The problem > turned out to be a switch/firewall problem which caused the

Re: ping for kdc utility?

2014-04-02 Thread Chris Hecker
Ah. Right, sorry! Chris On Apr 2, 2014 1:08 PM, "Brandon Allbery" wrote: > On Wed, 2014-04-02 at 12:57 -0700, Chris Hecker wrote: > > I use kadm5_get_privs as a ping for an admin perl script, see this > thread: > > > > http://mailman.mit.edu/pipermail/

Re: ping for kdc utility?

2014-04-02 Thread Nico Williams
http://oskt.secure-endpoints.com/k5ping.html https://github.com/elric1/k5ping Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

Re: ping for kdc utility?

2014-04-02 Thread Thomas Kula
On Wed, Apr 02, 2014 at 09:19:00PM +0200, Wang Shouhua wrote: > Is there such a utility which can issue a "ping" (null command) to > the kdc to see if it is still responding? > The last time I was responsible for such a thing, I wrote a script that did the following: - Usi

Re: ping for kdc utility?

2014-04-03 Thread Elia Pinto
I have written a script for this. I can share if interested. Best regards On 02/Apr/2014 21:24 "Wang Shouhua" wrote: > Is there such a utility which can issue a "ping" (null command) to > the kdc to see if it is still responding? > > Wang > -- > Wang Sh

Re: ping for kdc utility?

2014-04-05 Thread Andrea Campi
/hostname principals :) On Thu, Apr 3, 2014 at 7:29 AM, Elia Pinto wrote: > I have written a script for this. I can share if interested. > > Best regards > On 02/Apr/2014 21:24 "Wang Shouhua" wrote: > > > Is there such a utility which can issue a "ping" (

Challenging clients, why another ping-pong?

2014-02-03 Thread Rick van Rein
Hello, GSSAPI-based protocols have an option of challenging a client with a counter value. This is done after the client submits a ticket. Looking at SPNEGO (and probably other protocols as well) I see that the server can take the initiative for a GSSAPI exchange, and when doing so, it could

Re: Challenging clients, why another ping-pong?

2014-02-03 Thread Greg Hudson
On 02/03/2014 09:41 AM, Rick van Rein wrote: > Looking at SPNEGO (and probably other protocols as well) I see that the > server can take the initiative for a GSSAPI exchange, and when doing so, it > could already challenge the client. What are you looking at specifically? GSSAPI exchanges begi

Re: Challenging clients, why another ping-pong?

2014-02-04 Thread Rick van Rein
Hello Greg, > What are you looking at specifically? GSSAPI exchanges begin with the > client. I thought you might say that. I was looking at SPNEGO, which embeds GSSAPI but where the initiative is (usually) taken by the server. It’s a waste that SPNEGO doesn’t communicate a challenge at that

Re: Challenging clients, why another ping-pong?

2014-02-05 Thread Nico Williams
On Tue, Feb 4, 2014 at 5:58 AM, Rick van Rein wrote: > Hello Greg, > >> What are you looking at specifically? GSSAPI exchanges begin with the >> client. > > I thought you might say that. I was looking at SPNEGO, which embeds GSSAPI > but where the initiative is (usually) taken by the server. I

Re: Challenging clients, why another ping-pong?

2014-02-06 Thread Rick van Rein
Hi Nico, Thanks for your extensive response! > GSS-API exchanges always begin with an initial security context token. > SPNEGO can carry an initial security context token for an > optimistically selected mechanism. In my RFC 4599 it says "The initial WWW-Authenticate header will not carry any g

Re: Challenging clients, why another ping-pong?

2014-02-06 Thread Greg Hudson
On 02/06/2014 08:42 AM, Rick van Rein wrote: > In my RFC 4599 it says "The initial WWW-Authenticate header will not carry > any gssapi-data." and I was wondering if I missed some cryptographic reason > to delay the challenge until later. Some terminology clarification is in order: * SPNEGO (RFC

Re: Challenging clients, why another ping-pong?

2014-02-06 Thread Rick van Rein
Hi Greg, Thanks, the terminology has indeed been confusing to me. I suppose things are as they are — or, as they have grown. Thanks, -Rick

Re: Challenging clients, why another ping-pong?

2014-02-06 Thread Russ Allbery
Rick van Rein writes: > Thanks, the terminology has indeed been confusing to me. I suppose > things are as they are — or, as they have grown. The short but less polite version is that HTTP-Negotiate with SPNEGO is a horrible hack from a Kerberos perspective. It sort of works as long as you kno

Re: Challenging clients, why another ping-pong?

2014-02-06 Thread Nico Williams
I brain-o'ed on privacy protection. I understand what you meant now. See what Greg and Russ have to say. But I'll add a piece here as well: - HTTP is not a simple protocol: there are proxies and routers involved. - HTTP servers often act as routers. - There can be many hops. - A notional