In regard to: Re: Problems with kadmind, kpasswd and cross-realm...:
That is why I asked earlier if it was safe to use multiple kadmind daemons
against the same database. If it is safe, then I can launch multiple
processes (one for each realm). However, it if isn't safe, I'm assuming that
PROTECTED]
Newsgroups: comp.protocols.kerberos
To: kerberos@mit.edu
Sent: Tuesday, September 25, 2007 2:05 PM
Subject: Re: Problems with kadmind, kpasswd and cross-realm authentication
I can reproduce the problem on my Suse 10.2 box with krb5-1.5.1-23.6
installed. Depending how I start kadmind
[EMAIL PROTECTED]
Newsgroups: comp.protocols.kerberos
To: kerberos@mit.edu
Sent: Tuesday, September 25, 2007 2:05 PM
Subject: Re: Problems with kadmind, kpasswd and cross-realm authentication
I can reproduce the problem on my Suse 10.2 box with krb5-1.5.1-23.6
installed. Depending how I start
] [mailto:[EMAIL PROTECTED]
Behalf Of Markus Moeller
Sent: Monday, September 24, 2007 4:15 PM
To: kerberos@mit.edu
Subject: Re: Problems with kadmind, kpasswd and cross-realm
authentication
That looks to me like a bug in the kdc code. Which release do you use ?
Markus
Anthony Brock [EMAIL
-Original Message-
Any ideas?
The man page states that kadmind should be able to change
passwords for any
realms that have an associated kadmin/changepw@REALM and
kadmin/admin@REALM principal. Is this still true? Or has
support for this
functionality been dropped? If not, what
What do you see when you capture the traffic with wireshark on port 88 and
464 ? Do you see the correct kadmin/[EMAIL PROTECTED] tickets ?
Markus
Anthony Brock [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
-Original Message-
Any ideas?
The man page states that kadmind
attaching a text export of the packet capture from wireshark.
Tony
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Markus Moeller
Sent: Monday, September 24, 2007 1:39 PM
To: kerberos@mit.edu
Subject: Re: Problems with kadmind, kpasswd and cross-realm
PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Markus Moeller
Sent: Monday, September 24, 2007 1:39 PM
To: kerberos@mit.edu
Subject: Re: Problems with kadmind, kpasswd and cross-realm
authentication
What do you see when you capture the traffic with wireshark on
port 88 and
464 ? Do you see
-Original Message-
kpasswd doesn't work on the KDC. It only works for the initial realm even
when the kpasswd command is issued on the KDC. That's why I'm a little
baffled as to how to proceed. I've read the following in the kadmind man
page:
... SNIP ...
An excerpt of these files
Anthony Brock [EMAIL PROTECTED] wrote:
No, the entire network is on a single, private IP address range. In
fact, I'm trying these particular commands on the same host that
kadmind is running on. However, the behavior is identical from a
remote host.
Does kpasswd work on the KDC itself for
-Original Message-
Anthony Brock [EMAIL PROTECTED] wrote:
No, the entire network is on a single, private IP address range. In
fact, I'm trying these particular commands on the same host that
kadmind is running on. However, the behavior is identical from a
remote host.
Does
Just to clarify. Are you attempting to serve two realms
from the same KDC?
Anthony Brock wrote:
# klist -k FILE:/etc/krb5kdc/kadm5.keytab | egrep
'STERLINGCGI.COM|SCGROUP.ORG'
3 kadmin/[EMAIL PROTECTED]
3 kadmin/[EMAIL PROTECTED]
3 kadmin/[EMAIL PROTECTED]
3 kadmin/[EMAIL
Brock [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 04, 2007 4:03 PM
To: kerberos@mit.edu
Subject: Problems with kadmind, kpasswd and cross-realm authentication
I have created several cross-realm trusts on a test server. At
this point, nearly everything is working properly. However, users
Anthony Brock [EMAIL PROTECTED] wrote:
I have created several cross-realm trusts on a test server. At this
point, nearly everything is working properly. However, users are
unable to change their passwords unless their account is in the
initial domain. Users see the following when attempting it
-Original Message-
Anthony Brock [EMAIL PROTECTED] wrote:
I have created several cross-realm trusts on a test server. At this
point, nearly everything is working properly. However, users are
unable to change their passwords unless their account is in the
initial domain. Users see
15 matches
Mail list logo