RE: Streamlining host principal keytab provisioning?

2012-05-10 Thread Sebastian Galiano
. From: Russ Allbery [r...@stanford.edu] Sent: 03 May 2012 18:01 To: Sebastian Galiano Cc: Jeff Blaine; kerberos@mit.edu Subject: Re: Streamlining host principal keytab provisioning? Sebastian Galiano sebastian.gali...@spilgames.com writes: First I

Re: Streamlining host principal keytab provisioning?

2012-05-10 Thread Jan-Piet Mens
My next step is to create a puppet recipe to automatize all the process and to packet-ize wallet so it is easier to install it. I, for one, would be interested in your Puppet solution once you have it. :) -JP Kerberos mailing list

Re: Streamlining host principal keytab provisioning?

2012-05-10 Thread Russ Allbery
Sebastian Galiano sebastian.gali...@spilgames.com writes: It's working!! :) ...I had to reboot kadmind! That was the problem. Now I can get keytabs! . My next step is to create a puppet recipe to automatize all the process and to packet-ize wallet so it is easier to install it. I will also

Re: Streamlining host principal keytab provisioning?

2012-05-10 Thread Russ Allbery
Jan-Piet Mens jpmens@gmail.com writes: My next step is to create a puppet recipe to automatize all the process and to packet-ize wallet so it is easier to install it. I, for one, would be interested in your Puppet solution once you have it. :) Incidentally, here's the client-side

Re: Streamlining host principal keytab provisioning?

2012-05-09 Thread Russ Allbery
Sebastian Galiano sebastian.gali...@spilgames.com writes: And then I tried to get that keytab from the client (host.domain.org): $wallet -f file get keytab nfs/host.domain.org -s server.domain.org wallet: error creating keytab for nfs/host.domain.org@REALM: Operation requires

RE: Streamlining host principal keytab provisioning?

2012-05-08 Thread Sebastian Galiano
, closing connection remctld: child 32600 done From: Russ Allbery [r...@stanford.edu] Sent: 07 May 2012 18:20 To: Sebastian Galiano Cc: Jeff Blaine; kerberos@mit.edu Subject: Re: Streamlining host principal keytab provisioning? Sebastian Galiano sebastian.gali

Re: Streamlining host principal keytab provisioning?

2012-05-08 Thread Russ Allbery
Sebastian Galiano sebastian.gali...@spilgames.com writes: When I try: $ wallet create keytab nfs/host.domain.org wallet: keytab object implementation not configured Now we're getting somewhere. :) That error message means that you've not configured at least one of the mandatory settings

RE: Streamlining host principal keytab provisioning?

2012-05-08 Thread Sebastian Galiano
remctld: child 1400 done From: Russ Allbery [r...@stanford.edu] Sent: 08 May 2012 08:37 To: Sebastian Galiano Cc: Jeff Blaine; kerberos@mit.edu Subject: Re: Streamlining host principal keytab provisioning? Sebastian Galiano sebastian.gali...@spilgames.com

Re: Streamlining host principal keytab provisioning?

2012-05-08 Thread Russ Allbery
Sebastian Galiano sebastian.gali...@spilgames.com writes: Ok this is my wallet.conf at the wallet client: $KEYTABFILE= '/home/USER/krb5.test'; $KEYTAB_FILE, I assume. $KEYTAB_KRBTYPE= 'MIT'; $KEYTAB_PRINCIPAL= 'host.domain.org'; Usually this has a slash in it somewhere. Are you sure

RE: Streamlining host principal keytab provisioning?

2012-05-08 Thread Sebastian Galiano
Cc: Jeff Blaine; kerberos@mit.edu Subject: Re: Streamlining host principal keytab provisioning? Sebastian Galiano sebastian.gali...@spilgames.com writes: Ok this is my wallet.conf at the wallet client: $KEYTABFILE= '/home/USER/krb5.test'; $KEYTAB_FILE, I assume. $KEYTAB_KRBTYPE= 'MIT

RE: Streamlining host principal keytab provisioning?

2012-05-08 Thread Sebastian Galiano
4532 done From: Russ Allbery [r...@stanford.edu] Sent: 08 May 2012 09:16 To: Sebastian Galiano Cc: Jeff Blaine; kerberos@mit.edu Subject: Re: Streamlining host principal keytab provisioning? Sebastian Galiano sebastian.gali...@spilgames.com writes

Re: Streamlining host principal keytab provisioning?

2012-05-08 Thread Russ Allbery
Sebastian Galiano sebastian.gali...@spilgames.com writes: Ok, from the same wallet server I executed the following command: wallet create keytab nfs/host.domain.org -s server.domain.org My wallet.conf is: $DB_DRIVER = 'mysql'; $DB_NAME = 'wallet'; $DB_HOST = 'localhost'; $DB_USER =

RE: Streamlining host principal keytab provisioning?

2012-05-07 Thread Sebastian Galiano
; kerberos@mit.edu Subject: Re: Streamlining host principal keytab provisioning? Sebastian Galiano sebastian.gali...@spilgames.com writes: I had some problems trying to execute the commands you recommend me with the admin user. Then, I've tried to start almost all over. I've erased the wallet database

Re: Streamlining host principal keytab provisioning?

2012-05-07 Thread Russ Allbery
Sebastian Galiano sebastian.gali...@spilgames.com writes: The USER@REALM was exactly the user I used to execute the command 'wallet-admin initialize USER@REALM'. After that I tried to create an object using: wallet create keytab nfs/host.domain.org I keep on having an : wallet:

RE: Streamlining host principal keytab provisioning?

2012-05-04 Thread Sebastian Galiano
principal keytab provisioning? Sebastian Galiano sebastian.gali...@spilgames.com writes: First I will like to add a user to the ADMIN ACL, for that purpose I modified the remctl.conf and substituted each line with ANYUSER for the path to an ACL file. That won't help. I'm afraid you're confusing

RE: Streamlining host principal keytab provisioning?

2012-05-03 Thread Sebastian Galiano
tell me what is the format in which I should write the ACL file? From: Russ Allbery [r...@stanford.edu] Sent: 02 May 2012 18:15 To: Sebastian Galiano Cc: Jeff Blaine; kerberos@mit.edu Subject: Re: Streamlining host principal keytab provisioning? Sebastian

Re: Streamlining host principal keytab provisioning?

2012-05-03 Thread Russ Allbery
Sebastian Galiano sebastian.gali...@spilgames.com writes: First I will like to add a user to the ADMIN ACL, for that purpose I modified the remctl.conf and substituted each line with ANYUSER for the path to an ACL file. That won't help. I'm afraid you're confusing the remctl ACLs and the

RE: Streamlining host principal keytab provisioning?

2012-05-02 Thread Sebastian Galiano
the privileges, how is it that it is not authorized? Does it have anything to do with wallet ACL? From: Russ Allbery [r...@stanford.edu] Sent: 02 May 2012 00:47 To: Sebastian Galiano Cc: Jeff Blaine; kerberos@mit.edu Subject: Re: Streamlining host principal

Re: Streamlining host principal keytab provisioning?

2012-05-02 Thread Russ Allbery
Sebastian Galiano sebastian.gali...@spilgames.com writes: Ok, as you pointed out, I didn't have a principal for the wallet server (it is also the kdc server). Adding the principal solved that problem. Now to the same command: $wallet -f keytab get keytab nfs/hostname.REALMNAME wallet:

RE: Streamlining host principal keytab provisioning?

2012-05-01 Thread Sebastian Galiano
From: Russ Allbery [r...@stanford.edu] Sent: 27 April 2012 18:25 To: Sebastian Galiano Cc: Jeff Blaine; kerberos@mit.edu Subject: Re: Streamlining host principal keytab provisioning? Sebastian Galiano sebastian.gali...@spilgames.com writes: Ok... I follow

Re: Streamlining host principal keytab provisioning?

2012-05-01 Thread Russ Allbery
Sebastian Galiano sebastian.gali...@spilgames.com writes: Slowly I'm managing to make some steps forward! :) ...Now I got the remctld running, and I added the wallet configuration into the krb5.conf (client side). But when I try to get a ticket I get the following error: $wallet -f keytab get

RE: Streamlining host principal keytab provisioning?

2012-04-27 Thread Sebastian Galiano
...@stanford.edu] Sent: 26 April 2012 17:19 To: Sebastian Galiano Cc: Jeff Blaine; kerberos@mit.edu Subject: Re: Streamlining host principal keytab provisioning? Sebastian Galiano sebastian.gali...@spilgames.com writes: I'm trying to install a wallet service in my KDC server but it is not an easy

Re: Streamlining host principal keytab provisioning?

2012-04-27 Thread Russ Allbery
Sebastian Galiano sebastian.gali...@spilgames.com writes: Ok... I follow the instructions, but now I'm getting this error when I try to execute the daemon: $sudo remctld -S remctld: cannot get peer address: Socket operation on non-socket There are two ways to run remctld: either run it from

RE: Streamlining host principal keytab provisioning?

2012-04-26 Thread Sebastian Galiano
...@mit.edu] on behalf of Russ Allbery [r...@stanford.edu] Sent: 24 April 2012 17:58 To: Jeff Blaine Cc: kerberos@mit.edu Subject: Re: Streamlining host principal keytab provisioning? Jeff Blaine jbla...@kickflop.net writes: How are people provisioning host principal keytabs in large quantities

Re: Streamlining host principal keytab provisioning?

2012-04-26 Thread Russ Allbery
Sebastian Galiano sebastian.gali...@spilgames.com writes: I'm trying to install a wallet service in my KDC server but it is not an easy thing. It hasn't been widely poked at by people other than me, so I'm not too surprised. Do let me know what problems you run into. I followed the setup

Streamlining host principal keytab provisioning?

2012-04-24 Thread Jeff Blaine
How are people provisioning host principal keytabs in large quantities? I've never really seen anyone discuss this. It's not 1988 anymore ;) Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

RE: Streamlining host principal keytab provisioning?

2012-04-24 Thread Sebastian Galiano
To: kerberos@mit.edu Subject: Streamlining host principal keytab provisioning? How are people provisioning host principal keytabs in large quantities? I've never really seen anyone discuss this. It's not 1988 anymore ;) Kerberos mailing list

Re: Streamlining host principal keytab provisioning?

2012-04-24 Thread Christopher D. Clausen
-boun...@mit.edu [kerberos-boun...@mit.edu] on behalf of Jeff Blaine [jbla...@kickflop.net] Sent: 24 April 2012 15:06 To: kerberos@mit.edu Subject: Streamlining host principal keytab provisioning? How are people provisioning host principal keytabs in large quantities? I've never really seen

Re: Streamlining host principal keytab provisioning?

2012-04-24 Thread Simon Wilkinson
On 24 Apr 2012, at 14:06, Jeff Blaine jbla...@kickflop.net wrote: How are people provisioning host principal keytabs in large quantities? I've never really seen anyone discuss this. It's not 1988 anymore ;) I built a system to do this for my former employer, and presented on it at the 2005

Re: Streamlining host principal keytab provisioning?

2012-04-24 Thread Russ Allbery
Jeff Blaine jbla...@kickflop.net writes: How are people provisioning host principal keytabs in large quantities? http://www.eyrie.org/~eagle/software/wallet/ -- Russ Allbery (r...@stanford.edu) http://www.eyrie.org/~eagle/ Kerberos

Re: Streamlining host principal keytab provisioning?

2012-04-24 Thread Roland C. Dowdeswell
On Tue, Apr 24, 2012 at 09:06:52AM -0400, Jeff Blaine wrote: How are people provisioning host principal keytabs in large quantities? I've never really seen anyone discuss this. It's not 1988 anymore ;) I've written some tools that are in use at a couple of places which have reasonably large