I got it to work. It looks like the Solaris 10 is checking the
realm of the kadmind server host, but why? It already got
a ticket for it. It does not check that the host of the kdc is
in the realm so why check the kadmind? Is this some gss implementation
imposed restriction?
What this means is
On Fri, Jun 03, 2005 at 01:47:40PM -0500, Douglas E. Engert wrote:
Is this some gss implementation
imposed restriction?
An RPCSEC_GSS API issue.
What this means is that a kadmind can only serve a single realm.
We've never claimed to support more than
: Using Solaris 10 kadmin with MIT 1.4.1 kadmind
I got it to work. It looks like the Solaris 10 is checking the
realm of the kadmind server host, but why? It already got
a ticket for it. It does not check that the host of the kdc is
in the realm so why check the kadmind? Is this some gss
Heilke, == Heilke, Rainer [EMAIL PROTECTED] writes:
Heilke, A bug... Well, that makes us feel better in the sense
Heilke, that we aren't losing our marbles. I guess now, we just
Heilke, have to wait for the bug to get fixed. Unfortunately,
Heilke, this is now one of two issues
Nicolas Williams wrote:
On Fri, Jun 03, 2005 at 01:47:40PM -0500, Douglas E. Engert wrote:
Is this some gss implementation
imposed restriction?
An RPCSEC_GSS API issue.
What this means is that a kadmind can only serve a single realm.
We've
On Fri, Jun 03, 2005 at 02:16:09PM -0500, Douglas E. Engert wrote:
Nicolas Williams wrote:
On Fri, Jun 03, 2005 at 01:47:40PM -0500, Douglas E. Engert wrote:
What this means is that a kadmind can only serve a single realm.
We've never claimed to support more than one. IIRC neither has
On Fri, Jun 03, 2005 at 01:13:23PM -0600, Heilke, Rainer wrote:
A bug... Well, that makes us feel better in the sense that we aren't
losing our marbles. I guess now, we just have to wait for the bug to get
fixed. Unfortunately, this is now one of two issues that hold back any
Solaris 10
On Fri, Jun 03, 2005 at 03:20:07PM -0400, Sam Hartman wrote:
Heilke, == Heilke, Rainer [EMAIL PROTECTED] writes:
Heilke, A bug... Well, that makes us feel better in the sense
Heilke, that we aren't losing our marbles. I guess now, we just
Heilke, have to wait for the bug to get
in their weekly patch club report.
Rainer Heilke
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas E. Engert
Sent: Friday, June 03, 2005 12:48 PM
To: 'kerberos@mit.edu'
Cc: Nicolas Williams
Subject: Re: Using Solaris 10 kadmin with MIT 1.4.1 kadmind
We aren't doing multiple domains; just the one.
Rainer
-Original Message-
From: Sam Hartman [mailto:[EMAIL PROTECTED]
Sent: Friday, June 03, 2005 1:20 PM
To: Heilke, Rainer
Cc: Douglas E. Engert; kerberos@MIT.EDU; Nicolas Williams
Subject: Re: Using Solaris 10 kadmin with MIT
Douglas == Douglas E Engert [EMAIL PROTECTED] writes:
Douglas and the man page for kadmind talks about serving multiple
Douglas realms, but I dont' see how it does.
*sigh*
An older kadmind (1995 era) did sort of support multiple realms,
although it did not actually support some more
On Fri, Jun 03, 2005 at 01:26:42PM -0600, Heilke, Rainer wrote:
We aren't doing multiple domains; just the one.
So then there's no issue for you. Doug may still want an RFE filed.
Kerberos mailing list Kerberos@mit.edu
Sam Hartman wrote:
Douglas == Douglas E Engert [EMAIL PROTECTED] writes:
Douglas and the man page for kadmind talks about serving multiple
Douglas realms, but I dont' see how it does.
*sigh*
An older kadmind (1995 era) did sort of support multiple realms,
although it did not
.
Rainer Heilke
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas E. Engert
Sent: Friday, June 03, 2005 12:48 PM
To: 'kerberos@mit.edu'
Cc: Nicolas Williams
Subject: Re: Using Solaris 10 kadmin with MIT 1.4.1 kadmind
I got it to work. It looks
as all of the other systems in the test lab).
Thanks.
Rainer
-Original Message-
From: Douglas E. Engert [mailto:[EMAIL PROTECTED]
Sent: Friday, June 03, 2005 1:38 PM
To: Heilke, Rainer
Cc: kerberos@mit.edu
Subject: Re: Using Solaris 10 kadmin with MIT 1.4.1 kadmind
Heilke
On Fri, Jun 03, 2005 at 02:32:20PM -0500, Douglas E. Engert wrote:
Sam Hartman wrote:
Douglas == Douglas E Engert [EMAIL PROTECTED] writes:
Douglas and the man page for kadmind talks about serving multiple
Douglas realms, but I dont' see how it does.
*sigh*
An older
On Friday, June 03, 2005 01:32:20 PM -0600 Heilke, Rainer
[EMAIL PROTECTED] wrote:
P.S. What is the other issue?
Sun's lack of a ksu binary. The way we use ksu, RBAC and su simply do
not provide the same functionality. We have an RFE open on this. BTW, if
anyone else needs ksu, please add
Known bug.
Our RPCSEC_GSS APIs force us to use hostbased princs for the server, and
MIT krb5, though it now implements RPCSEC_GSS, did not match this behaviour.
On Thu, Jun 02, 2005 at 02:20:36PM -0500, Douglas E. Engert wrote:
While trying to use the Solaris 10 Kerberos, most things in a
Nicolas == Nicolas Williams [EMAIL PROTECTED] writes:
Nicolas Known bug. Our RPCSEC_GSS APIs force us to use hostbased
Nicolas princs for the server, and MIT krb5, though it now
Nicolas implements RPCSEC_GSS, did not match this behaviour.
No. If you create the hostbased principal
Sam Hartman wrote:
Nicolas == Nicolas Williams [EMAIL PROTECTED] writes:
Nicolas Known bug. Our RPCSEC_GSS APIs force us to use hostbased
Nicolas princs for the server, and MIT krb5, though it now
Nicolas implements RPCSEC_GSS, did not match this behaviour.
No. If you create
I'd definitely expect this to work against a 1.4.1 kadmin server
assuming the server has the same idea of its hostname as your client.
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
] On Behalf Of Sam Hartman
Sent: Thursday, June 02, 2005 2:01 PM
To: Douglas E. Engert
Cc: 'kerberos@mit.edu'
Subject: Re: Using Solaris 10 kadmin with MIT 1.4.1 kadmind
I'd definitely expect this to work against a 1.4.1 kadmin server
assuming the server has the same idea of its hostname
22 matches
Mail list logo
