Re: Problems with kadmind, kpasswd and cross-realm authentication

thanks for verifying the behavior! One of my biggest concerns was if > I > had missed a configuration step. > > Tony > > - Original Message ----- > From: "Markus Moeller" <[EMAIL PROTECTED]> > Newsgroups: comp.protocols.kerberos > To: > S

Re: Problems with kadmind, kpasswd and cross-realm authentication

In regard to: Re: Problems with kadmind, kpasswd and cross-realm...: > That is why I asked earlier if it was safe to use multiple kadmind daemons > against the same database. If it is safe, then I can launch multiple > processes (one for each realm). However, it if isn't safe, I'm assuming that >

Re: Problems with kadmind, kpasswd and cross-realm authentication

Message - From: "Markus Moeller" <[EMAIL PROTECTED]> Newsgroups: comp.protocols.kerberos To: Sent: Tuesday, September 25, 2007 2:05 PM Subject: Re: Problems with kadmind, kpasswd and cross-realm authentication >I can reproduce the problem on my Suse 10.2 box with krb5-1.5.1

Re: Problems with kadmind, kpasswd and cross-realm authentication

> server (KDC) > > Tony > > >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> Behalf Of Markus Moeller >> Sent: Monday, September 24, 2007 4:15 PM >> To: kerberos@mit.edu >> Subject: Re: Problems with kadmind, kpasswd and c

RE: Problems with kadmind, kpasswd and cross-realm authentication

Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Markus Moeller > Sent: Monday, September 24, 2007 4:15 PM > To: kerberos@mit.edu > Subject: Re: Problems with kadmind, kpasswd and cross-realm > authentication > > > That looks to me like a bug in the

Re: Problems with kadmind, kpasswd and cross-realm authentication

ark didn't seem to understand the contents of the packet. Other than > this anomaly, the REALM looks good to me. > > I'm also attaching a "text" export of the packet capture from wireshark. > > Tony > > >> -----Original Message- >> From: [EMAIL PROTEC

RE: Problems with kadmind, kpasswd and cross-realm authentication

understand the contents of the packet. Other than this anomaly, the REALM looks good to me. I'm also attaching a "text" export of the packet capture from wireshark. Tony > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Markus Moell

Re: Problems with kadmind, kpasswd and cross-realm authentication

What do you see when you capture the traffic with wireshark on port 88 and 464 ? Do you see the correct kadmin/[EMAIL PROTECTED] tickets ? Markus "Anthony Brock" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >> -Original Message- >> Any ideas? >> >> The man page states th

RE: Problems with kadmind, kpasswd and cross-realm authentication

> -Original Message- > Any ideas? > > The man page states that kadmind should be able to change > passwords for any > realms that have an associated kadmin/changepw@ and > kadmin/admin@ principal. Is this still true? Or has > support for this > functionality been dropped? If not, what debug

RE: Problems with kadmind, kpasswd and cross-realm authentication

> -Original Message- > kpasswd doesn't work on the KDC. It only works for the initial realm even > when the kpasswd command is issued on the KDC. That's why I'm a little > baffled as to how to proceed. I've read the following in the kadmind man > page: > < ... SNIP ... > > An excerpt of the

Re: Problems with kadmind, kpasswd and cross-realm authentication

Just to clarify. Are you attempting to serve two realms from the same KDC? Anthony Brock wrote: > > # klist -k FILE:/etc/krb5kdc/kadm5.keytab | egrep > 'STERLINGCGI.COM|SCGROUP.ORG' >3 kadmin/[EMAIL PROTECTED] >3 kadmin/[EMAIL PROTECTED] >3 kadmin/[EMAIL PROTECTED] >3 kadmin/[EMAI

RE: Problems with kadmind, kpasswd and cross-realm authentication

> -Original Message- > Anthony Brock <[EMAIL PROTECTED]> wrote: > > No, the entire network is on a single, private IP address range. In > > fact, I'm trying these particular commands on the same host that > > kadmind is running on. However, the behavior is identical from a > > remote host.

Re: Problems with kadmind, kpasswd and cross-realm authentication

Anthony Brock <[EMAIL PROTECTED]> wrote: > No, the entire network is on a single, private IP address range. In > fact, I'm trying these particular commands on the same host that > kadmind is running on. However, the behavior is identical from a > remote host. Does kpasswd work on the KDC itself fo

RE: Problems with kadmind, kpasswd and cross-realm authentication

> -Original Message- > Anthony Brock <[EMAIL PROTECTED]> wrote: > > I have created several cross-realm trusts on a test server. At this > > point, nearly everything is working properly. However, users are > > unable to change their passwords unless their account is in the > > initial domain

Re: Problems with kadmind, kpasswd and cross-realm authentication

Anthony Brock <[EMAIL PROTECTED]> wrote: > I have created several cross-realm trusts on a test server. At this > point, nearly everything is working properly. However, users are > unable to change their passwords unless their account is in the > initial domain. Users see the following when attempti

RE: Problems with kadmind, kpasswd and cross-realm authentication

Also, I forgot to mention that I'm running Debian testing with the following packages: ii krb5-admin-server 1.6.dfsg.1-6 MIT Kerberos master server (kadmind) ii krb5-config 1.17 Configuration files for Kerberos Version 5 ii krb5-doc