thanks for verifying the behavior! One of my biggest concerns was if
> I
> had missed a configuration step.
>
> Tony
>
> - Original Message -----
> From: "Markus Moeller" <[EMAIL PROTECTED]>
> Newsgroups: comp.protocols.kerberos
> To:
> S
In regard to: Re: Problems with kadmind, kpasswd and cross-realm...:
> That is why I asked earlier if it was safe to use multiple kadmind daemons
> against the same database. If it is safe, then I can launch multiple
> processes (one for each realm). However, it if isn't safe, I'm assuming that
>
Message -
From: "Markus Moeller" <[EMAIL PROTECTED]>
Newsgroups: comp.protocols.kerberos
To:
Sent: Tuesday, September 25, 2007 2:05 PM
Subject: Re: Problems with kadmind, kpasswd and cross-realm authentication
>I can reproduce the problem on my Suse 10.2 box with krb5-1.5.1
> server (KDC)
>
> Tony
>
>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Behalf Of Markus Moeller
>> Sent: Monday, September 24, 2007 4:15 PM
>> To: kerberos@mit.edu
>> Subject: Re: Problems with kadmind, kpasswd and c
Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Markus Moeller
> Sent: Monday, September 24, 2007 4:15 PM
> To: kerberos@mit.edu
> Subject: Re: Problems with kadmind, kpasswd and cross-realm
> authentication
>
>
> That looks to me like a bug in the
ark didn't seem to understand the contents of the packet. Other than
> this anomaly, the REALM looks good to me.
>
> I'm also attaching a "text" export of the packet capture from wireshark.
>
> Tony
>
>
>> -----Original Message-
>> From: [EMAIL PROTEC
understand the contents of the packet. Other than
this anomaly, the REALM looks good to me.
I'm also attaching a "text" export of the packet capture from wireshark.
Tony
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Markus Moell
What do you see when you capture the traffic with wireshark on port 88 and
464 ? Do you see the correct kadmin/[EMAIL PROTECTED] tickets ?
Markus
"Anthony Brock" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>> -Original Message-
>> Any ideas?
>>
>> The man page states th
> -Original Message-
> Any ideas?
>
> The man page states that kadmind should be able to change
> passwords for any
> realms that have an associated kadmin/changepw@ and
> kadmin/admin@ principal. Is this still true? Or has
> support for this
> functionality been dropped? If not, what debug
> -Original Message-
> kpasswd doesn't work on the KDC. It only works for the initial realm even
> when the kpasswd command is issued on the KDC. That's why I'm a little
> baffled as to how to proceed. I've read the following in the kadmind man
> page:
>
< ... SNIP ...
>
> An excerpt of the
Just to clarify. Are you attempting to serve two realms
from the same KDC?
Anthony Brock wrote:
>
> # klist -k FILE:/etc/krb5kdc/kadm5.keytab | egrep
> 'STERLINGCGI.COM|SCGROUP.ORG'
>3 kadmin/[EMAIL PROTECTED]
>3 kadmin/[EMAIL PROTECTED]
>3 kadmin/[EMAIL PROTECTED]
>3 kadmin/[EMAI
> -Original Message-
> Anthony Brock <[EMAIL PROTECTED]> wrote:
> > No, the entire network is on a single, private IP address range. In
> > fact, I'm trying these particular commands on the same host that
> > kadmind is running on. However, the behavior is identical from a
> > remote host.
Anthony Brock <[EMAIL PROTECTED]> wrote:
> No, the entire network is on a single, private IP address range. In
> fact, I'm trying these particular commands on the same host that
> kadmind is running on. However, the behavior is identical from a
> remote host.
Does kpasswd work on the KDC itself fo
> -Original Message-
> Anthony Brock <[EMAIL PROTECTED]> wrote:
> > I have created several cross-realm trusts on a test server. At this
> > point, nearly everything is working properly. However, users are
> > unable to change their passwords unless their account is in the
> > initial domain
Anthony Brock <[EMAIL PROTECTED]> wrote:
> I have created several cross-realm trusts on a test server. At this
> point, nearly everything is working properly. However, users are
> unable to change their passwords unless their account is in the
> initial domain. Users see the following when attempti
Also, I forgot to mention that I'm running Debian testing with the following
packages:
ii krb5-admin-server 1.6.dfsg.1-6 MIT Kerberos master
server (kadmind)
ii krb5-config 1.17 Configuration files for
Kerberos Version 5
ii krb5-doc
16 matches
Mail list logo