On 28/3/23 09:24, Ken Hornstein wrote:
You can specify the certificate exactly on the 'kinit' command line
with the "-X X509_user_identity" option (this has the same format
as the pkinit_identities option in krb5.conf). Now this option isn't
supported for kadmin, but you can do:
% kinit -X
>First problem: I have a second principal, jason/admin, for use with
>kadmin. I've generated a certificate that can authenticate. However, now
>that I have two certificates (one for jason and another for
>jason/admin), it isn't clear how to configure the client to offer the
>correct
Dear kerberos community,
I've set up a very small MIT Kerberos installation for my own use, with
MIT Kerberos under Linux. In experimenting with the PKINIT
configuration, I have essentially followed the MIT Kerberos
documentation (using openssl to generate keys and certificates), and
reached
der_list_questions(). Only
> "password" is proposed.
>
>
> How can I add "pkinit" or even "otp" in the list of preauth questions ?
>
>
> Thank you
>
> Kerberos mailing list
>
an I add "pkinit" or even "otp" in the list of preauth questions ?
Thank you
____
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On 11/07/2016 03:14 AM, 旺邑 wrote:
>I had downloaded the source code of krb5-1.13.4 from your page. Then I
> used the commands ''./configure'',"make" and "make check" to configure and
> compile the source code. However, there was no executable file of the file
>
Dear Professor,
I am a college student in China and I am now studying Kerberos protocol.
But during my experiment, I have encountered a problem which I'd like to
discuss with you about. Here is my problem:
I had downloaded the source code of krb5-1.13.4 from your page. Then I used
the
houyuan <15606931...@163.com> writes:
>I have a strange question here. I hope to get a solution.
>I set the timing task to get the authentication information.
>
>but
>
> and KDC Server log
It seems like you attached some images to
Hi:
I have a strange question here. I hope to get a solution.
I set the timing task to get the authentication information.
but
and KDC Server log
so,Why update authentication information in 7:10:35, and the KDC service
receives
Hi all,
Can someone please guide me in understanding the use of the function
gss_krb5_ccache_name?
I have a user name and password for a specific user and want to generate a
temporary ticket for the user (whcih i store in the memory) and then swicth the
context to that ticket and then
Hi all,
I am not sure whether this is right place for these questions. If so,
I do apologise.
I have been using ethereal to analysis the kerberos packets.
1. I notice that some of the kerberos (windows authentication) packets
have principal with dollar sign character at the end. Also the
Joseph Kuan [EMAIL PROTECTED] wrote:
1. I notice that some of the kerberos (windows authentication) packets
have principal with dollar sign character at the end. Also the
principal
is not the user name, it is actually the hostname. What does it mean?
Those are the principals for machine or
Hi all,
I have the following questions by looking at the kerberos packets
(Windows login) through ethereal:
1. There are several service names, such as host, ldap, LDAP, cifs,
etc
What is the difference between ldap and LDAP?
What does service, host, do?
2. There are some
Hello all,
I have some questions that I would appreciate getting some expert
Kerberos assistance with.
1) Is SQL Server limited to DES encryption only?
The reason I ask is that I have discovered empirically that the
SQL Server service startup account needs to set the Active Directory
Sleepy wrote:
Hello all,
I have some questions that I would appreciate getting some expert
Kerberos assistance with.
1) Is SQL Server limited to DES encryption only?
The reason I ask is that I have discovered empirically that the
SQL Server service startup account needs to set
Hi people,
Could someone tell me
- what is GSS_API? is it always used in kerberos?
- what is IAKERB?
- Is it possible to map kerberos in Extensible Authentification Protocol (EAP)?
I haven't found simple docs on the web excepted some IETF RFCs and drafts...
which are very difficult to
16 matches
Mail list logo