RE: Question about Windows S4U support

Thanks for the reply. One strange thing is that when Windows is using AD domain, sname doesn't have this format: host/win11client.mylab.com but win11client$. I have no idea what makes Windows have this difference. For PAC validation error, I also can't get more detailed inform

Re: Question about Windows S4U support

On 11/8/23 09:23, JianJun Li wrote: In fact, principle "host/win11client.mylab@mylab.com" exists. By Wireshark I can see Windows sends "host/win11client.mylab@mylab.com" as sname, KDC converts the sname to host\/win11client.mylab@mylab.com. I have a look at

RE: Question about Windows S4U support

Thank you Ken for the valuable feedback. I'm using latest version V1.21 with its default backend DB. After the test, if all works, I will try the combination MIT KDC + OpenLDAP then. There are not so much available materials I can refer to like my case. Sometimes I really doubt Window

Re: Question about Windows S4U support

I am DEFINITELY not an expert in S4U* nor Windows APIs, but I have looked into this a BIT and I can give you some thoughts. >Now we wants to switch from Windows AD to MIT KDC. Currently windows >can be authenticated by MIT KDC without any problem but Windows API >LSALogonUser() in our ap

Question about Windows S4U support

Hi everyone, We have an application with Windows client + AD domain, for S4USelf, it works well. In our application, it calls LSALogonUser() to impersonate a user which will use S4USelf by setting up Windows structure KERB_S4U_LOGON. Now we wants to switch from Windows AD to MIT KDC

Re: kerberos client on windows not being able to access credentials cache ("Internal credentials cache error")

f critically >condensed knowledge in the subject matter. Of course nobody owes me >nothing here - sorry. Thank you; I for one appreciate your apology. >> Judging by the thread you posted, it sure seems like the problem >> was specific to the Postgresql implementation on Windows so it&#

Re: kerberos client on windows not being able to access credentials cache ("Internal credentials cache error")

nyone else, but I didn't know the answer (and it involved Windows, which I am not that familiar with), _and_ my day job does not pay me to support people on the MIT Kerberos mailing list. That's not to say I'm opposed to helping people, but if I don't know the answer I'm

Re: kerberos client on windows not being able to access credentials cache ("Internal credentials cache error")

On 10.03.23 18:12, Sam Hartman wrote: "Tomas" == Tomas Pospisek writes: Tomas> Also, since I got precisely zilch feedback here while there Tomas> were other postings here I'm under the impression that this Tomas> is a mailing list with *no* user support (but instead a Tomas

Re: kerberos client on windows not being able to access credentials cache ("Internal credentials cache error")

Greetings, * Tomas Pospisek (t...@sourcepole.ch) wrote: > In case anybody is interested (or as a reference for future readers): I was > able to resolve the problem. See > https://www.postgresql.org/message-id/08b836a7-272a-2309-da45-ac691fccacb8%40sourcepole.ch > for details. Yes, you're welcome

Re: kerberos client on windows not being able to access credentials cache ("Internal credentials cache error")

answer (and it involved Windows, which I am not that familiar with), _and_ my day job does not pay me to support people on the MIT Kerberos mailing list. That's not to say I'm opposed to helping people, but if I don't know the answer I'm not going to chime in with a "Sorry, I

Re: kerberos client on windows not being able to access credentials cache ("Internal credentials cache error")

> "Tomas" == Tomas Pospisek writes: Tomas> Also, since I got precisely zilch feedback here while there Tomas> were other postings here I'm under the impression that this Tomas> is a mailing list with *no* user support (but instead a Tomas> development list or similar). If that

Re: kerberos client on windows not being able to access credentials cache ("Internal credentials cache error")

port 5432 failed: could not initiate GSSAPI     security context: No credentials were supplied, or the credentials     were unavailable or inaccessible: Internal credentials cache error Goal I want to have my Postgresql clients (in this case psql.exe) on Windows to authenticate against Ac

kerberos client on windows not being able to access credentials cache ("Internal credentials cache error")

lable or inaccessible: Internal credentials cache error Goal I want to have my Postgresql clients (in this case psql.exe) on Windows to authenticate against Active Directory. Steps taken so far == Linux client -> Active Directory -> Linu

Re: windows and smartcards

>gotcha, thank you very much for all the help. >I guess just out of curiosity: >- for windows: there are other tools such as heimdall and microsoft >kerberos. with those I don't know if you ever played around with them or >know if they support smartcard and pin authentica

Re: windows and smartcards

gotcha, thank you very much for all the help. I guess just out of curiosity: - for windows: there are other tools such as heimdall and microsoft kerberos. with those I don't know if you ever played around with them or know if they support smartcard and pin authentication to get a ticket man

Re: windows and smartcards

Hi, for more information on this" - People I work with have adapted the stock MIT Kerberos PKINIT plugin to work on Windows. Do you have any sort of documentation that you can point me to on how to make this work with windows. And also Mac as, we also have Mac users. Currently, my main

Re: windows and smartcards

>for more information on this" >- People I work with have adapted the stock MIT Kerberos PKINIT plugin > to work on Windows. > >Do you have any sort of documentation that you can point me to on how to >make this work with windows. And also Mac as, we also have Mac users.

Re: windows and smartcards

>i was wondering if the question listed in the link below was ever answered >and if not, i was hoping you could provide please. >https://mailman.mit.edu/pipermail/kerberos/2010-September/016423.html I can provide a quick summary: - Current stock MIT Kerberos for Windows does not suppo

windows and smartcards

HI, i was wondering if the question listed in the link below was ever answered and if not, i was hoping you could provide please. https://mailman.mit.edu/pipermail/kerberos/2010-September/016423.html -- Thank you, Prabin Tamang Kerberos mailing li

Cross compilation problems targeting mac and windows

e the configure run through: ``' krb5-1.19.3/src$ ac_cv_func_regcomp=yes ac_cv_printf_positional=yes krb5_cv_attr_constructor_destructor=yes,yes ./configure --build=x86_64-linux-gnu --host=aarch64-linux-musl ``` With this I can build for linux and bsd, but it fails to build for mac and window

Windows

Windows Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Kerberos for Windows Logging

Norman Jane Street Group | Information Technology 250 Vesey Street | New York, NY 10281 On Thu, Jan 28, 2021 at 12:48 PM Greg Hudson wrote: > On 1/28/21 11:59 AM, Patrick Norman wrote: > > Hey all, I am looking into using Kerberos for Windows in a POC I am > doing. > > I am havi

Re: Kerberos for Windows Logging

On 1/28/21 11:59 AM, Patrick Norman wrote: > Hey all, I am looking into using Kerberos for Windows in a POC I am doing. > I am having trouble getting logging to work The [logging] section is for krb5kdc and kadmind, which are not part of the Windows build. If you want to use trace logging

Kerberos for Windows Logging

Hey all, I am looking into using Kerberos for Windows in a POC I am doing. I am having trouble getting logging to work, all other settings in my INI are working correctly. I have started procmon to check if something is going on with access and it appears nothing is even attempting to access the

Query about kerberos (in windows)

Hi, I'm an administrator of an Active Directory environment. And I need to get the kerberos version of a Microsoft Windows Server operating system by command lines I need to migrate from Windows 2016 to Windows 2019 and I want to see the differences between them. (if there are any) Than

Re: windows kerberos update?

I just verified that OTP does work. Thanks. > On Jan 16, 2019, at 12:01 PM, Greg Hudson wrote: > > On 1/16/19 11:23 AM, Charles Hedrick wrote: >> We’re starting to use Windows Kerberos, with a 3rd party login screen that >> calls Kerberos. Some of our staff use FreeOTP

Re: windows kerberos update?

Thanks. We’ll try to OTP. If there’s no PKINIT, I guess that means the armor will have to come from the machine credentials. That should be workable. A couple of us do kinit from home on the Mac. I don’t have a long list of people asking for it for Windows, but if a couple of people do it for

Re: windows kerberos update?

On 1/16/19 11:23 AM, Charles Hedrick wrote: > We’re starting to use Windows Kerberos, with a 3rd party login screen that > calls Kerberos. Some of our staff use FreeOTP 2FA. As far as I can tell, the > most recent KfW doesn’t support 2FA or the https: proxy. KfW 4.1 is based on krb5 1.

windows kerberos update?

We’re starting to use Windows Kerberos, with a 3rd party login screen that calls Kerberos. Some of our staff use FreeOTP 2FA. As far as I can tell, the most recent KfW doesn’t support 2FA or the https: proxy. Are there plans for a new release that would do so

Authenticate Windows against Kerberos

Hello, I have a well working setup with Kerberos and openldap in multimaster mode. For authentication I use GSSAPI and SASL. Now I have a few Windows machines that should access a few shares on a Samba server. I don't need domain join or AD functionalities. Via Google or in the Samba group a

Re: Windows Server 2016 - KDC has no support for encryption type while getting initial credentials

18 19:16:00 >> krbtgt/ad.sec.example@ad.sec.example.com >> renew until 11/15/2018 09:15:53, Flags: FRIA >> Etype (skey, tkt): arcfour-hmac, aes256-cts-hmac-sha1-96 >> >> You can see on the Etype line, by default the inital session key is actualy >> rc4-hmac

Re: Windows Server 2016 - KDC has no support for encryption type while getting initial credentials

sion key is > actualy rc4-hmac (arcfour-hmac is same thing, just different names) But > the actual ticket granting ticket. The above example is against a windows > 2008 KDC, but 2016 is probably doing the same thing for backward > comparability. > > > Kerberos will negotiate str

Re: Windows Server 2016 - KDC has no support for encryption type while getting initial credentials

against a windows 2008 KDC, but 2016 is probably doing the same thing for backward comparability. Kerberos will negotiate strongest encryption types by default within the available configuration. AD exposes per user account settings in the properties dialog, under account details, that allow you

Windows Server 2016 - KDC has no support for encryption type while getting initial credentials

Hi, I am new to Kerberos. I am not able to obtain Kerberos ticket-granting tickets with strong encryption types from "Windows Server 2016 AD" My client kerberos configuration as below $ cat /etc/krb5.conf [libdefaults] default_realm = CIFS.COM default_tk

Re: Make Windows Firefox Use Ticket gained via OpenConnect VPN Connection

:57PM +0200, chiasa.men wrote: > I have an openconnect server where I can login with kerberos credentials (the > vpn server basically also works as proxy to the kdc within said vpn - more > detailed description: https://access.redhat.com/blogs/766093/posts/1976663) > > Now I can co

Make Windows Firefox Use Ticket gained via OpenConnect VPN Connection

I have an openconnect server where I can login with kerberos credentials (the vpn server basically also works as proxy to the kdc within said vpn - more detailed description: https://access.redhat.com/blogs/766093/posts/1976663) Now I can connect with a windows machine (using openconnect-gui

Re: Phoenix ODBC client on Windows connecting to Kerberos Hadoop Phoenix is throwing error “GSSException: Defective token detected”

A couple things: (1) You are using kfw to kinit but using the Windows "klist" to look at tickets. Windows has a native klist command of its own that pulls from its memory-based credentials cache. Make sure to use the MIT "klist" from the command line tool or the KFW UI

Re: Phoenix ODBC client on Windows connecting to Kerberos Hadoop Phoenix is throwing error “GSSException: Defective token detected”

HiCan you please respond to my email?Thanks,AnilFrom: "ANILESH_TENNETI"<venkata_a...@rediffmail.com>Sent: Wed, 08 Aug 2018 14:49:27To: <kerberos@mit.edu>Subject: Phoenix ODBC client on Windows connecting to Kerberos Hadoop Phoenix is throwing error “GSSException: Defec

Phoenix ODBC client on Windows connecting to Kerberos Hadoop Phoenix is throwing error “GSSException: Defective token detected”

using Hortonworks Phoenix ODBC driver (64 bit). As connection should be established to Kerberos Phoenix, the Windows ODBC client machine also must be setup with Kerberos.Windows odbc client machine has been setup with MIT Kerberos as per the documentation link https://community.hortonworks.com/art

Re: MIT Kerberos for Windows failing with Windows 10 update 1803?

Thanks very much, that clarifies my problems. I must have clicked on "Make default", and it has the API settings in the registry. I can't find any button to undo that - If I've changed something in krb.ini, click "Make default", then afterwards I'm stuck with those settings until I manually edit

Re: MIT Kerberos for Windows failing with Windows 10 update 1803?

quot;FILE:pathname" for some pathname. > > I don't have a hypothesis to explain why "API:" wouldn't work. I > updated a Windows 10 VM to 1803 and installed the kfw 4.1 MSI. With > the API: ccache type I was able to acquire tickets, renew tickets, >

Re: MIT Kerberos for Windows failing with Windows 10 update 1803?

On 06/19/2018 03:51 PM, Ruurd Beerstra wrote: > OK, I'm confused now > 2 days ago I tried FILE: by editing krb5.ini and setting default_cc_name > to FILE:c:/tmp/krb5cc_${uid} > I saw it uses the SID for my user as part of the filename in c:/tmp. > I SAW the file being made, and it STILL refuse

Re: MIT Kerberos for Windows failing with Windows 10 update 1803?

to set it to "FILE:pathname" for some pathname. > > I don't have a hypothesis to explain why "API:" wouldn't work. I > updated a Windows 10 VM to 1803 and installed the kfw 4.1 MSI. With the > API: ccache type I was able to acquire tickets, renew ticket

Re: MIT Kerberos for Windows failing with Windows 10 update 1803?

thesis to explain why "API:" wouldn't work. I updated a Windows 10 VM to 1803 and installed the kfw 4.1 MSI. With the API: ccache type I was able to acquire tickets, renew tickets, acquire service tickets using kvno, and see the acquired service ticket with klist. With the MSLSA:

Re: MIT Kerberos for Windows failing with Windows 10 update 1803?

set in the registry, value 1. A quick search on Credential Guard says: The Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. And that sounds like exactly my

Re: MIT Kerberos for Windows failing with Windows 10 update 1803?

On Sun, Jun 17, 2018 at 04:35:50PM -0400, Greg Hudson wrote: > On 06/17/2018 02:02 PM, Ruurd Beerstra wrote: > > The symptoms are that I can obtain a TGT from my KDC (which ends up in > > de LSA of Windows), but every attempt to use that TGT to obtain a > > service t

Re: MIT Kerberos for Windows failing with Windows 10 update 1803?

On 06/17/2018 02:02 PM, Ruurd Beerstra wrote: > The symptoms are that I can obtain a TGT from my KDC (which ends up in > de LSA of Windows), but every attempt to use that TGT to obtain a > service ticket yields an error: > Matching credential not found. Unfortunately, our mailing

MIT Kerberos for Windows failing with Windows 10 update 1803?

Hi, I'm developer of a Windows SSH/Telnet client (called IVT) that supports both GSSAPI authentication and Kerberized telnet. I've noticed that the setup I use for regression testing now finds errors for both protocols: Login fails. After a lot of digging, I'm suspecting Win

Re: MIT Kerberos OTP with Windows

LS part of MS-KKDCP (which is mandatory; there's no non-HTTPS proxy mode) is implemented as an auto-loaded plugin module linked against OpenSSL. Although I believe we have working module loading support for Windows, the Windows build doesn't compile any plugin modules and doesn't link

Re: MIT Kerberos OTP with Windows

It works fine in a copy of Ubuntu running in Linux for Windows on the same Windows 10 machine. > On Nov 3, 2017, at 9:53 AM, Charles Hedrick wrote: > > Here’s the conversation using tcpdump on the proxy server. The connection > opens, no data is sent in either direction, and K

Re: MIT Kerberos OTP with Windows

Here’s the conversation using tcpdump on the proxy server. The connection opens, no data is sent in either direction, and KfW closes it. In case it matters, KfW is running in Windows 10 Fall Creator’s Update in a VM on a Mac. tcpdump: verbose output suppressed, use -v or -vv for full protocol

Re: MIT Kerberos OTP with Windows

I’m using KfW 4.1. Since there’s no documentation on krb5.ini, I used the same syntax as for krb5.conf kdc = https://services.cs.rutgers.edu/KdcProxy I’m not using http_anchor, since we have a commercial cert, and other implementations don’t need us to specify a CA cert. The error message say

Re: MIT Kerberos OTP with Windows

On Wed, Nov 01, 2017 at 10:30:36PM +, Charles Hedrick wrote: > > I’ll try agian. Also KfW doesn’t seem to implement kdc proxy. I’d prefer not > to open my kdc to the world. I’m currrently using the Proxy for home use. Hmm, could you say a bit more about what version of KfW you're using and h

Re: MIT Kerberos OTP with Windows

>> My problem with KfW is more serious: I can’t get putty to see the tickets. >> That makes it of no real use to me. I’m going to try installing Ubuntu on >> Windows. > > I was able to reliably get putty working with GSSAPI/Kerberos when I was > working on KfW. The

Re: MIT Kerberos OTP with Windows

On Wed, Nov 01, 2017 at 06:06:23PM +, Charles Hedrick wrote: > > My problem with KfW is more serious: I can’t get putty to see the tickets. > That makes it of no real use to me. I’m going to try installing Ubuntu on > Windows. I was able to reliably get putty working with GSS

Re: MIT Kerberos OTP with Windows

putty to see the tickets. That makes it of no real use to me. I’m going to try installing Ubuntu on Windows. > On Oct 30, 2017, at 5:25 AM, Oleksandr Yermolenko wrote: > > Hi all, > > I'm trying to configure a Windows 7 workstation to do OTP preauth. > > I

Re: MIT Kerberos OTP with Windows

On Mon, Oct 30, 2017 at 9:11 PM, Benjamin Kaduk wrote: > On Mon, Oct 30, 2017 at 09:05:10AM -0700, Pallissard, Matthew wrote: > > > any ideas how to implement OTP for Windows with MIT kerberos client? > possible? > > > > I don't know if KFW 4.1 supports OTP b

Re: MIT Kerberos OTP with Windows

On Mon, 30 Oct 2017 09:05:10 -0700 "Pallissard, Matthew" wrote: > > any ideas how to implement OTP for Windows with MIT kerberos > > client? possible? > > I don't know if KFW 4.1 supports OTP but what I do know is that in > the past I couldn't get PK

Re: MIT Kerberos OTP with Windows

thanks for your notes and direction Oleksandr Yermolenko On Mon, 30 Oct 2017 20:11:25 -0500 Benjamin Kaduk wrote: > On Mon, Oct 30, 2017 at 09:05:10AM -0700, Pallissard, Matthew wrote: > > > any ideas how to implement OTP for Windows with MIT kerberos > > > client? possibl

Re: MIT Kerberos OTP with Windows

On Mon, Oct 30, 2017 at 09:05:10AM -0700, Pallissard, Matthew wrote: > > any ideas how to implement OTP for Windows with MIT kerberos client? > > possible? > > I don't know if KFW 4.1 supports OTP but what I do know is that in the past I > couldn't get PK

Re: MIT Kerberos OTP with Windows

> any ideas how to implement OTP for Windows with MIT kerberos client? possible? I don't know if KFW 4.1 supports OTP but what I do know is that in the past I couldn't get PKINIT working with KFW. I had to implement heimdal on the client end. https://www.mail-archive.com/k

MIT Kerberos OTP with Windows

Hi all, I'm trying to configure a Windows 7 workstation to do OTP preauth. I've installed MIT Kerberos for Windows 4.1, put krb5.ini as for linux and ... of course obtain the error "Generic preauthentication failure". FAST/PKINIT anonymous unsupported ... any ideas how

RE: Can I automatically cache AD tickets into a file on windows?

file on windows? On Fri, Nov 18, 2016 at 04:51:03PM +, Mauro Cazzari wrote: > One more thing: if MIT Kerberos is installed, is there a way to populate the > KRB5CCNAME cache file automatically when I log on to Windows without having > to use a keytab or having to run a kinit under th

Re: Can I automatically cache AD tickets into a file on windows?

On Fri, Nov 18, 2016 at 04:51:03PM +, Mauro Cazzari wrote: > One more thing: if MIT Kerberos is installed, is there a way to populate the > KRB5CCNAME cache file automatically when I log on to Windows without having > to use a keytab or having to run a kinit under the covers? MIT

Re: Can I automatically cache AD tickets into a file on windows?

s the poster child of poor credential handling (and a ton of work is going into cleaning that all up). On Friday, November 18, 2016, Mauro Cazzari wrote: > One more thing: if MIT Kerberos is installed, is there a way to populate > the KRB5CCNAME cache file automatically when I log on

RE: Can I automatically cache AD tickets into a file on windows?

One more thing: if MIT Kerberos is installed, is there a way to populate the KRB5CCNAME cache file automatically when I log on to Windows without having to use a keytab or having to run a kinit under the covers? From: Todd Grayson [mailto:tgray...@cloudera.com] Sent: Friday, November 18, 2016

RE: Can I automatically cache AD tickets into a file on windows?

Thanks Todd. I was thinking the same thing, but I just wasn’t sure. From: Todd Grayson [mailto:tgray...@cloudera.com] Sent: Friday, November 18, 2016 11:34 AM To: Mauro Cazzari Cc: Kerberos@mit.edu Subject: Re: Can I automatically cache AD tickets into a file on windows? From what I understand

Re: Can I automatically cache AD tickets into a file on windows?

>From what I understand, the windows SSPI implementation does not provide a facility to hold the credentials in a file. You would use the MIT KFW to be able to do that. On Friday, November 18, 2016, Mauro Cazzari wrote: > Kerberos experts, > Is there a way to automatically cache AD-

Can I automatically cache AD tickets into a file on windows?

Kerberos experts, Is there a way to automatically cache AD-generated tickets to the file provided through the KRB5CCNAME environment variable on Windows without having to run a kinit? My understanding is that Windows caches tickets in memory (whereas Unix does the same on file). Do I need to

Re: mit kdc windows client silent install

t.edu/kerberos/dist/#krb5-1.14 > > > > On Thu, Nov 10, 2016 at 7:53 PM, Edward Gleeck wrote: > > > > Does windows mit kdc client support silent/unattended install? > > > > On the release notes there are some documentation on building an installer > &

Re: mit kdc windows client silent install

it.edu/kerberos/dist/#krb5-1.14 > > On Thu, Nov 10, 2016 at 7:53 PM, Edward Gleeck wrote: > > Does windows mit kdc client support silent/unattended install? > > On the release notes there are some documentation on building an installer > which is quite involved, so I was wonderi

Re: mit kdc windows client silent install

7:53 PM, Edward Gleeck wrote: > Does windows mit kdc client support silent/unattended install? > > On the release notes there are some documentation on building an installer > which is quite involved, so I was wondering if the currently installer > supports any install paramete

mit kdc windows client silent install

Does windows mit kdc client support silent/unattended install? On the release notes there are some documentation on building an installer which is quite involved, so I was wondering if the currently installer supports any install parameters. Thanks, Ed

Re: Regarding the software MIT Kerberos for Windows version 4.1

e private customer support to external parties. I will, however, try to point you toward readily available information that should help you with your request. > I am contacting you on behalf of ExxonMobil IT Asset Management regarding > your software called MIT Kerberos for Windows version 4.1

Regarding the software MIT Kerberos for Windows version 4.1

Hello Team, I am contacting you on behalf of ExxonMobil IT Asset Management regarding your software called MIT Kerberos for Windows version 4.1 --> In order to proceed with a request raised by one of our affiliates, please provide your most recent End User License Agreement (EULA)

Searching a debugging tool for kerberos inside Windows 10 Desktop

Hi! Dear Colleagues, I'm taking my first steps in using kerberos, our goal is to authenticate users who wish to use their Windows desktops via FreeIPA. The issue is that we have done both FreeIPA configuration as in the windows client, but every time I try to use my creden

Re: Windows 2012R2 & MIT Kerberos Trust / SSO

There are ways to sync the AD server with the KDC, so in effect they are separate but equal. On Aug 20, 2016 12:14 PM, "Darren Terry" wrote: List, I am currently working on a project where I am required to integrate a Windows 2012R2 domain with an existing Kerberos realm. The doma

Windows 2012R2 & MIT Kerberos Trust / SSO

List, I am currently working on a project where I am required to integrate a Windows 2012R2 domain with an existing Kerberos realm. The domain has not been built yet so I have the luxury of having no technical debt to deal with, I get a fresh start on the Windows side. Does anyone have experience

MIT kerberos windows

Hi, I have a colleague who followed the same procedure as we normally use to install and setup the MIT kerberkos windows client but he gets the following error when he enters his credentials: Ticket initialization failed. Kerberos 5: invalid argument (error 22) I could not find any details

Re: Forwardable TGT - Windows vs MIT behavior?

On Sat, Apr 23, 2016 at 09:47:59AM -0700, Ray Van Dolson wrote: > On Sat, Apr 23, 2016 at 09:41:47AM -0700, Ray Van Dolson wrote: > > Using PuTTY from a domain-joined Windows 7 machine, with that machine's > > PuTTY stack configured to allow credential delegation and conne

Re: Forwardable TGT - Windows vs MIT behavior?

On Sat, Apr 23, 2016 at 09:41:47AM -0700, Ray Van Dolson wrote: > Using PuTTY from a domain-joined Windows 7 machine, with that machine's > PuTTY stack configured to allow credential delegation and connecting to > a RHEL7 server, also joined to AD but *not* configured in AD to be

Forwardable TGT - Windows vs MIT behavior?

Using PuTTY from a domain-joined Windows 7 machine, with that machine's PuTTY stack configured to allow credential delegation and connecting to a RHEL7 server, also joined to AD but *not* configured in AD to be trusted for delegation, I do not get a TGT added to my cache when I connect. Ho

Re: Does Kerberos works with Windows 2012 & AES256 bit

Thanks Ross! Much appreciated. --Prashanth My iPhone > On Feb 3, 2016, at 4:35 AM, Wilper, Ross wrote: > > Windows Server 2012 supports AES enctypes: > > AES128_CTS_HMAC_SHA1_96 > AES256_CTS_HMAC_SHA1_96 > > -Ross > > -Original Message- &g

RE: Does Kerberos works with Windows 2012 & AES256 bit

Windows Server 2012 supports AES enctypes: AES128_CTS_HMAC_SHA1_96 AES256_CTS_HMAC_SHA1_96 -Ross -Original Message- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Prashanth Sent: Tuesday, February 2, 2016 12:18 PM To: kerberos@mit.edu Subject: Does

Does Kerberos works with Windows 2012 & AES256 bit

Hi, Quick question guys.. I am pretty much new this. Hence, I would like to know whether or not Kerberos works with Windows 2012 and AES256 bit encryption. Your help is much appreciated. Thanks, Prashanth My iPhone Kerberos mailing list

klist from windows does not show tickets for gsskrb5.dll

Hello dear list, I'm sorry, my question is not directly related to MIT Kerberos, but maybe someone can help me?! We uses Kerberos SSO for SAP under Windows 7, joined in a AD domain. For Windows 7 Clients who are not member of a AD domain, we use the MIT Kerberos client. Every thing in

MIT Kerberos for windows 4.01 title bar dissapears after running for a few days

This usually happens between 3 or 4 days of continuous operation. Suddenly the title bar disappears and you can't close it by clicking the now missing X button. [cid:image001.png@01D14EE0.24DD0380] Kerberos mailing list Kerberos@mit.edu

RE: issues getting kerberos ticket with Windows Server 2012

Kanhaising Sent: Wednesday, November 25, 2015 11:31 PM To: kerberos@mit.edu Subject: issues getting kerberos ticket with Windows Server 2012 Sorry for my bad english. For a school project I am implementing kerberos with active directory. To finish this project I have to fix the next error: "KDC h

issues getting kerberos ticket with Windows Server 2012

Sorry for my bad english. For a school project I am implementing kerberos with active directory. To finish this project I have to fix the next error: "KDC has no support for padata type". How can I fix this error ? Regards, Rishi Kerberos mailing l

Re: Windows

Nov 2015, Randolph Morgan wrote: > >> I found the answer to my question, so I thought I would share it with others >> here on the list. To get Windows to acknowledge that a ticket has been >> issued > Thank you for following up! > >> through MIT Kerberos KfW 4.0.1 y

Re: Windows

On Wed, 18 Nov 2015, Randolph Morgan wrote: > I found the answer to my question, so I thought I would share it with others > here on the list. To get Windows to acknowledge that a ticket has been issued Thank you for following up! > through MIT Kerberos KfW 4.0.1 you need to edit a

Re: Windows

I found the answer to my question, so I thought I would share it with others here on the list. To get Windows to acknowledge that a ticket has been issued through MIT Kerberos KfW 4.0.1 you need to edit a registry key. The key is located at: HKEY_CURRENT_USER\SOFTWARE\MIT Kerberos\Settings

Re: Windows

On Mon, 16 Nov 2015, Randolph Morgan wrote: > I have installed MIT Kerberos 4.0.1 on a Windows 10 machine. Everything > I have read indicates that the identity manager is not integrated into > the new ticket manager. Ticket manager shows that I have received a I'm not sure wh

Windows

I have installed MIT Kerberos 4.0.1 on a Windows 10 machine. Everything I have read indicates that the identity manager is not integrated into the new ticket manager. Ticket manager shows that I have received a ticket from my krbtgt from my server, but Windows does not show a ticket when I

Re: Kerberos, Windows and FreeIPA

On 10/23/2015 02:58 PM, Randolph Morgan wrote: > We are running a mixed environment network. However, all of our > authentication is performed via LDAP, we do not have an AD on our > network, nor do we have any Windows servers, all of our servers are > running RHEL. We ar

Re: Kerberos, Windows and FreeIPA

Hi, I think this may be working. When I was trying to make Microsoft's AD to authenticate to a Kerberos server and not the AD controlleurs we managed to get a stand alone windows to authenticate to a RHEL MIT KDC. I'm not at work atm so I can't check this on our wiki, but theses

Re: Kerberos, Windows and FreeIPA

Randolph Morgan writes: > We are running a mixed environment network. However, all of our > authentication is performed via LDAP, we do not have an AD on our > network, nor do we have any Windows servers, all of our servers are > running RHEL. We are working on implem

Kerberos, Windows and FreeIPA

We are running a mixed environment network. However, all of our authentication is performed via LDAP, we do not have an AD on our network, nor do we have any Windows servers, all of our servers are running RHEL. We are working on implementing a new authentication server that is running

Re: Working with Microsoft Premier Support RE MIT Kerberos for Windows 4.0.1

helpd...@mit.edu is not the correct support forum for this issue. On Thu, 15 Oct 2015, Binder, Dale wrote: > > Tickets are stored in the location specified > by environment variable Yes, the software is doing what you tell it to do. The "MSLSA:" cache type corresponds to the LSA integration; Kf

Working with Microsoft Premier Support RE MIT Kerberos for Windows 4.0.1

Please direct me to the resources that can answer the following: * We have an open case with MS Premier Support and Kerberos for Windows 4.0.1 states "Integration with the Windows LSA credentials cache" * We are using .NET webclient and can't seem to get the cl

  1   2   3   4   5   6   7   8   9   10   >