No to try and rain on your parade but...
Wouldn't it be easier to use the standard mod_auth_kerb lib and write an
apple only directory service apache module (if it doesn't already
exist), and set up the auth kerb as non-authoritative?
Cheers
Edward
On Mon, 2008-01-21 at 10:55 -0700, Nathan Mell
On Fri, Nov 02, 2007 at 01:54:07PM -0400, Kevin Coffman wrote:
> > default_tkt_enctypes = des-cbc-crc
> > default_tgs_enctypes = des-cbc-crc
>
> ktadd does not look at those enctype definitions on the local machine
> where you run ktadd. What is used is the "supported_enctypes" defined
> for
On Nov 2, 2007, at 13:54, Kevin Coffman wrote:
> On 11/2/07, Manoj Mohan <[EMAIL PROTECTED]> wrote:
>> when I did ktutil of my keytab file.. I had 2 entries (with KVNO
>> 2)...
>> I deleted the file and recreated it with ktadd but with -e option
>> to add only one
>> encryption type and then
On 11/2/07, Manoj Mohan <[EMAIL PROTECTED]> wrote:
>
>
> Thanks Kevin.. that suggestion helped a lot!!
>
> when I did ktutil of my keytab file.. I had 2 entries (with KVNO 2)...
> I deleted the file and recreated it with ktadd but with -e option to add
> only one
> encryption type and then the
On 11/2/07, Manoj Mohan <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I am new to kerberos world.. so forgive my noviceness
>
> I have a KDC running on linux and my client server are also on linux.. After
> registering the user principals and service principals when client is
> connecting to server, I
> "Cesar" == Cesar Garcia <[EMAIL PROTECTED]> writes:
Cesar> Hi, I'm am trying to change the behavior of a functioning
Cesar> GSS-enabled application server such that the server
Cesar> principal and corresponding keytab entry used by
Cesar> gss_accept_sec_context is determined