Re: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-27 Thread Tim Mooney
In regard to: Re: Problems with kadmind, kpasswd and cross-realm...: That is why I asked earlier if it was safe to use multiple kadmind daemons against the same database. If it is safe, then I can launch multiple processes (one for each realm). However, it if isn't safe, I'm assuming that

Re: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-27 Thread Markus Moeller
PROTECTED] Newsgroups: comp.protocols.kerberos To: kerberos@mit.edu Sent: Tuesday, September 25, 2007 2:05 PM Subject: Re: Problems with kadmind, kpasswd and cross-realm authentication I can reproduce the problem on my Suse 10.2 box with krb5-1.5.1-23.6 installed. Depending how I start kadmind

Re: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-26 Thread Anthony Brock
[EMAIL PROTECTED] Newsgroups: comp.protocols.kerberos To: kerberos@mit.edu Sent: Tuesday, September 25, 2007 2:05 PM Subject: Re: Problems with kadmind, kpasswd and cross-realm authentication I can reproduce the problem on my Suse 10.2 box with krb5-1.5.1-23.6 installed. Depending how I start

Re: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-25 Thread Markus Moeller
] [mailto:[EMAIL PROTECTED] Behalf Of Markus Moeller Sent: Monday, September 24, 2007 4:15 PM To: kerberos@mit.edu Subject: Re: Problems with kadmind, kpasswd and cross-realm authentication That looks to me like a bug in the kdc code. Which release do you use ? Markus Anthony Brock [EMAIL

RE: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-24 Thread Anthony Brock
-Original Message- Any ideas? The man page states that kadmind should be able to change passwords for any realms that have an associated kadmin/changepw@REALM and kadmin/admin@REALM principal. Is this still true? Or has support for this functionality been dropped? If not, what

Re: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-24 Thread Markus Moeller
What do you see when you capture the traffic with wireshark on port 88 and 464 ? Do you see the correct kadmin/[EMAIL PROTECTED] tickets ? Markus Anthony Brock [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] -Original Message- Any ideas? The man page states that kadmind

RE: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-24 Thread Anthony Brock
attaching a text export of the packet capture from wireshark. Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Markus Moeller Sent: Monday, September 24, 2007 1:39 PM To: kerberos@mit.edu Subject: Re: Problems with kadmind, kpasswd and cross-realm

Re: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-24 Thread Markus Moeller
PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Markus Moeller Sent: Monday, September 24, 2007 1:39 PM To: kerberos@mit.edu Subject: Re: Problems with kadmind, kpasswd and cross-realm authentication What do you see when you capture the traffic with wireshark on port 88 and 464 ? Do you see

RE: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-08 Thread Anthony Brock
-Original Message- kpasswd doesn't work on the KDC. It only works for the initial realm even when the kpasswd command is issued on the KDC. That's why I'm a little baffled as to how to proceed. I've read the following in the kadmind man page: ... SNIP ... An excerpt of these files

Re: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-05 Thread Christopher D. Clausen
Anthony Brock [EMAIL PROTECTED] wrote: No, the entire network is on a single, private IP address range. In fact, I'm trying these particular commands on the same host that kadmind is running on. However, the behavior is identical from a remote host. Does kpasswd work on the KDC itself for

RE: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-05 Thread Anthony Brock
-Original Message- Anthony Brock [EMAIL PROTECTED] wrote: No, the entire network is on a single, private IP address range. In fact, I'm trying these particular commands on the same host that kadmind is running on. However, the behavior is identical from a remote host. Does

Re: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-05 Thread Jeffrey Altman
Just to clarify. Are you attempting to serve two realms from the same KDC? Anthony Brock wrote: # klist -k FILE:/etc/krb5kdc/kadm5.keytab | egrep 'STERLINGCGI.COM|SCGROUP.ORG' 3 kadmin/[EMAIL PROTECTED] 3 kadmin/[EMAIL PROTECTED] 3 kadmin/[EMAIL PROTECTED] 3 kadmin/[EMAIL

RE: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-04 Thread Anthony Brock
Brock [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 04, 2007 4:03 PM To: kerberos@mit.edu Subject: Problems with kadmind, kpasswd and cross-realm authentication I have created several cross-realm trusts on a test server. At this point, nearly everything is working properly. However, users

Re: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-04 Thread Christopher D. Clausen
Anthony Brock [EMAIL PROTECTED] wrote: I have created several cross-realm trusts on a test server. At this point, nearly everything is working properly. However, users are unable to change their passwords unless their account is in the initial domain. Users see the following when attempting it

RE: Problems with kadmind, kpasswd and cross-realm authentication

2007-09-04 Thread Anthony Brock
-Original Message- Anthony Brock [EMAIL PROTECTED] wrote: I have created several cross-realm trusts on a test server. At this point, nearly everything is working properly. However, users are unable to change their passwords unless their account is in the initial domain. Users see