Thanks for the reply. One strange thing is that when Windows is using AD
domain, sname doesn't have this format: host/win11client.mylab.com but
win11client$. I have no idea what makes Windows have this difference.
For PAC validation error, I also can't get more detailed inform
On 11/8/23 09:23, JianJun Li wrote:
In fact, principle "host/win11client.mylab@mylab.com" exists. By Wireshark I can
see Windows sends "host/win11client.mylab@mylab.com" as sname, KDC converts the
sname to host\/win11client.mylab@mylab.com.
I have a look at
Thank you Ken for the valuable feedback.
I'm using latest version V1.21 with its default backend DB. After the test, if
all works, I will try the combination MIT KDC + OpenLDAP then.
There are not so much available materials I can refer to like my case.
Sometimes I really doubt Window
I am DEFINITELY not an expert in S4U* nor Windows APIs, but I have
looked into this a BIT and I can give you some thoughts.
>Now we wants to switch from Windows AD to MIT KDC. Currently windows
>can be authenticated by MIT KDC without any problem but Windows API
>LSALogonUser() in our ap
Hi everyone,
We have an application with Windows client + AD domain, for S4USelf, it works
well.
In our application, it calls LSALogonUser() to impersonate a user which will
use S4USelf by setting up Windows structure KERB_S4U_LOGON.
Now we wants to switch from Windows AD to MIT KDC
f critically
>condensed knowledge in the subject matter. Of course nobody owes me
>nothing here - sorry.
Thank you; I for one appreciate your apology.
>> Judging by the thread you posted, it sure seems like the problem
>> was specific to the Postgresql implementation on Windows so it
nyone else, but I didn't know the answer (and
it involved Windows, which I am not that familiar with), _and_ my
day job does not pay me to support people on the MIT Kerberos mailing
list. That's not to say I'm opposed to helping people, but if I don't
know the answer I'm
On 10.03.23 18:12, Sam Hartman wrote:
"Tomas" == Tomas Pospisek writes:
Tomas> Also, since I got precisely zilch feedback here while there
Tomas> were other postings here I'm under the impression that this
Tomas> is a mailing list with *no* user support (but instead a
Tomas
Greetings,
* Tomas Pospisek (t...@sourcepole.ch) wrote:
> In case anybody is interested (or as a reference for future readers): I was
> able to resolve the problem. See
> https://www.postgresql.org/message-id/08b836a7-272a-2309-da45-ac691fccacb8%40sourcepole.ch
> for details.
Yes, you're welcome
answer (and
it involved Windows, which I am not that familiar with), _and_ my
day job does not pay me to support people on the MIT Kerberos mailing
list. That's not to say I'm opposed to helping people, but if I don't
know the answer I'm not going to chime in with a "Sorry, I
> "Tomas" == Tomas Pospisek writes:
Tomas> Also, since I got precisely zilch feedback here while there
Tomas> were other postings here I'm under the impression that this
Tomas> is a mailing list with *no* user support (but instead a
Tomas> development list or similar). If that
port 5432 failed: could not initiate GSSAPI
security context: No credentials were supplied, or the credentials
were unavailable or inaccessible: Internal credentials cache error
Goal
I want to have my Postgresql clients (in this case psql.exe) on Windows
to authenticate against Ac
lable or inaccessible: Internal credentials cache error
Goal
I want to have my Postgresql clients (in this case psql.exe) on Windows
to authenticate against Active Directory.
Steps taken so far
==
Linux client -> Active Directory -> Linu
>gotcha, thank you very much for all the help.
>I guess just out of curiosity:
>- for windows: there are other tools such as heimdall and microsoft
>kerberos. with those I don't know if you ever played around with them or
>know if they support smartcard and pin authentica
gotcha, thank you very much for all the help.
I guess just out of curiosity:
- for windows: there are other tools such as heimdall and microsoft
kerberos. with those I don't know if you ever played around with them or
know if they support smartcard and pin authentication to get a ticket
man
Hi,
for more information on this"
- People I work with have adapted the stock MIT Kerberos PKINIT plugin
to work on Windows.
Do you have any sort of documentation that you can point me to on how to
make this work with windows. And also Mac as, we also have Mac users.
Currently, my main
>for more information on this"
>- People I work with have adapted the stock MIT Kerberos PKINIT plugin
> to work on Windows.
>
>Do you have any sort of documentation that you can point me to on how to
>make this work with windows. And also Mac as, we also have Mac users.
>i was wondering if the question listed in the link below was ever answered
>and if not, i was hoping you could provide please.
>https://mailman.mit.edu/pipermail/kerberos/2010-September/016423.html
I can provide a quick summary:
- Current stock MIT Kerberos for Windows does not suppo
HI,
i was wondering if the question listed in the link below was ever answered
and if not, i was hoping you could provide please.
https://mailman.mit.edu/pipermail/kerberos/2010-September/016423.html
--
Thank you,
Prabin Tamang
Kerberos mailing li
e the configure
run through:
``'
krb5-1.19.3/src$ ac_cv_func_regcomp=yes ac_cv_printf_positional=yes
krb5_cv_attr_constructor_destructor=yes,yes ./configure
--build=x86_64-linux-gnu --host=aarch64-linux-musl
```
With this I can build for linux and bsd, but it fails to build for mac and
window
Windows
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Norman
Jane Street Group | Information Technology
250 Vesey Street | New York, NY 10281
On Thu, Jan 28, 2021 at 12:48 PM Greg Hudson wrote:
> On 1/28/21 11:59 AM, Patrick Norman wrote:
> > Hey all, I am looking into using Kerberos for Windows in a POC I am
> doing.
> > I am havi
On 1/28/21 11:59 AM, Patrick Norman wrote:
> Hey all, I am looking into using Kerberos for Windows in a POC I am doing.
> I am having trouble getting logging to work
The [logging] section is for krb5kdc and kadmind, which are not part of
the Windows build.
If you want to use trace logging
Hey all, I am looking into using Kerberos for Windows in a POC I am doing.
I am having trouble getting logging to work, all other settings in my INI
are working correctly. I have started procmon to check if something is
going on with access and it appears nothing is even attempting to access
the
Hi, I'm an administrator of an Active Directory environment. And I need to
get the kerberos version of a Microsoft Windows Server operating system by
command lines
I need to migrate from Windows 2016 to Windows 2019 and I want to see the
differences between them. (if there are any)
Than
I just verified that OTP does work. Thanks.
> On Jan 16, 2019, at 12:01 PM, Greg Hudson wrote:
>
> On 1/16/19 11:23 AM, Charles Hedrick wrote:
>> We’re starting to use Windows Kerberos, with a 3rd party login screen that
>> calls Kerberos. Some of our staff use FreeOTP
Thanks. We’ll try to OTP. If there’s no PKINIT, I guess that means the armor
will have to come from the machine credentials. That should be workable.
A couple of us do kinit from home on the Mac. I don’t have a long list of
people asking for it for Windows, but if a couple of people do it for
On 1/16/19 11:23 AM, Charles Hedrick wrote:
> We’re starting to use Windows Kerberos, with a 3rd party login screen that
> calls Kerberos. Some of our staff use FreeOTP 2FA. As far as I can tell, the
> most recent KfW doesn’t support 2FA or the https: proxy.
KfW 4.1 is based on krb5 1.
We’re starting to use Windows Kerberos, with a 3rd party login screen that
calls Kerberos. Some of our staff use FreeOTP 2FA. As far as I can tell, the
most recent KfW doesn’t support 2FA or the https: proxy. Are there plans for a
new release that would do so
Hello,
I have a well working setup with Kerberos and openldap in multimaster
mode. For authentication I use GSSAPI and SASL. Now I have a few Windows
machines that should access a few shares on a Samba server. I don't need
domain join or AD functionalities. Via Google or in the Samba group
a
18 19:16:00
>> krbtgt/ad.sec.example@ad.sec.example.com
>> renew until 11/15/2018 09:15:53, Flags: FRIA
>> Etype (skey, tkt): arcfour-hmac, aes256-cts-hmac-sha1-96
>>
>> You can see on the Etype line, by default the inital session key is actualy
>> rc4-hmac
sion key is
> actualy rc4-hmac (arcfour-hmac is same thing, just different names) But
> the actual ticket granting ticket. The above example is against a windows
> 2008 KDC, but 2016 is probably doing the same thing for backward
> comparability.
>
>
> Kerberos will negotiate str
against a windows 2008 KDC,
but 2016 is probably doing the same thing for backward comparability.
Kerberos will negotiate strongest encryption types by default within the
available configuration.
AD exposes per user account settings in the properties dialog, under
account details, that allow you
Hi,
I am new to Kerberos. I am not able to obtain Kerberos
ticket-granting tickets with strong encryption types from "Windows
Server 2016 AD"
My client kerberos configuration as below
$ cat /etc/krb5.conf
[libdefaults]
default_realm = CIFS.COM
default_tk
:57PM +0200, chiasa.men wrote:
> I have an openconnect server where I can login with kerberos credentials (the
> vpn server basically also works as proxy to the kdc within said vpn - more
> detailed description: https://access.redhat.com/blogs/766093/posts/1976663)
>
> Now I can co
I have an openconnect server where I can login with kerberos credentials (the
vpn server basically also works as proxy to the kdc within said vpn - more
detailed description: https://access.redhat.com/blogs/766093/posts/1976663)
Now I can connect with a windows machine (using openconnect-gui
A couple things:
(1)
You are using kfw to kinit but using the Windows "klist" to look at
tickets. Windows has a native klist command of its own that pulls from its
memory-based credentials cache.
Make sure to use the MIT "klist" from the command line tool or the KFW UI
HiCan you please respond to my email?Thanks,AnilFrom:
"ANILESH_TENNETI"<venkata_a...@rediffmail.com>Sent: Wed, 08 Aug
2018 14:49:27To: <kerberos@mit.edu>Subject: Phoenix ODBC client on
Windows connecting to Kerberos Hadoop Phoenix is throwing error
“GSSException: Defec
using
Hortonworks Phoenix ODBC driver (64 bit). As connection should be established
to Kerberos Phoenix, the Windows ODBC client machine also must be setup with
Kerberos.Windows odbc client machine has been setup with MIT Kerberos as per
the documentation link
https://community.hortonworks.com/art
Thanks very much, that clarifies my problems.
I must have clicked on "Make default", and it has the API settings in
the registry.
I can't find any button to undo that - If I've changed something in
krb.ini, click "Make default", then afterwards I'm stuck with those
settings until I manually edit
quot;FILE:pathname" for some pathname.
>
> I don't have a hypothesis to explain why "API:" wouldn't work. I
> updated a Windows 10 VM to 1803 and installed the kfw 4.1 MSI. With
> the API: ccache type I was able to acquire tickets, renew tickets,
>
On 06/19/2018 03:51 PM, Ruurd Beerstra wrote:
> OK, I'm confused now
> 2 days ago I tried FILE: by editing krb5.ini and setting default_cc_name
> to FILE:c:/tmp/krb5cc_${uid}
> I saw it uses the SID for my user as part of the filename in c:/tmp.
> I SAW the file being made, and it STILL refuse
to set it to "FILE:pathname" for some pathname.
>
> I don't have a hypothesis to explain why "API:" wouldn't work. I
> updated a Windows 10 VM to 1803 and installed the kfw 4.1 MSI. With the
> API: ccache type I was able to acquire tickets, renew ticket
thesis to explain why "API:" wouldn't work. I
updated a Windows 10 VM to 1803 and installed the kfw 4.1 MSI. With the
API: ccache type I was able to acquire tickets, renew tickets, acquire
service tickets using kvno, and see the acquired service ticket with klist.
With the MSLSA:
set in the registry, value 1.
A quick search on Credential Guard says: The Windows Defender Credential
Guard prevents these attacks by protecting NTLM password hashes,
Kerberos Ticket Granting Tickets, and credentials stored by applications
as domain credentials.
And that sounds like exactly my
On Sun, Jun 17, 2018 at 04:35:50PM -0400, Greg Hudson wrote:
> On 06/17/2018 02:02 PM, Ruurd Beerstra wrote:
> > The symptoms are that I can obtain a TGT from my KDC (which ends up in
> > de LSA of Windows), but every attempt to use that TGT to obtain a
> > service t
On 06/17/2018 02:02 PM, Ruurd Beerstra wrote:
> The symptoms are that I can obtain a TGT from my KDC (which ends up in
> de LSA of Windows), but every attempt to use that TGT to obtain a
> service ticket yields an error:
> Matching credential not found.
Unfortunately, our mailing
Hi,
I'm developer of a Windows SSH/Telnet client (called IVT) that supports
both GSSAPI authentication and Kerberized telnet.
I've noticed that the setup I use for regression testing now finds
errors for both protocols: Login fails.
After a lot of digging, I'm suspecting Win
LS part of MS-KKDCP (which is mandatory; there's no non-HTTPS proxy
mode) is implemented as an auto-loaded plugin module linked against
OpenSSL. Although I believe we have working module loading support for
Windows, the Windows build doesn't compile any plugin modules and
doesn't link
It works fine in a copy of Ubuntu running in Linux for Windows on the same
Windows 10 machine.
> On Nov 3, 2017, at 9:53 AM, Charles Hedrick wrote:
>
> Here’s the conversation using tcpdump on the proxy server. The connection
> opens, no data is sent in either direction, and K
Here’s the conversation using tcpdump on the proxy server. The connection
opens, no data is sent in either direction, and KfW closes it.
In case it matters, KfW is running in Windows 10 Fall Creator’s Update in a VM
on a Mac.
tcpdump: verbose output suppressed, use -v or -vv for full protocol
I’m using KfW 4.1. Since there’s no documentation on krb5.ini, I used the same
syntax as for krb5.conf
kdc = https://services.cs.rutgers.edu/KdcProxy
I’m not using http_anchor, since we have a commercial cert, and other
implementations don’t need us to specify a CA cert.
The error message say
On Wed, Nov 01, 2017 at 10:30:36PM +, Charles Hedrick wrote:
>
> I’ll try agian. Also KfW doesn’t seem to implement kdc proxy. I’d prefer not
> to open my kdc to the world. I’m currrently using the Proxy for home use.
Hmm, could you say a bit more about what version of KfW you're using and
h
>> My problem with KfW is more serious: I can’t get putty to see the tickets.
>> That makes it of no real use to me. I’m going to try installing Ubuntu on
>> Windows.
>
> I was able to reliably get putty working with GSSAPI/Kerberos when I was
> working on KfW. The
On Wed, Nov 01, 2017 at 06:06:23PM +, Charles Hedrick wrote:
>
> My problem with KfW is more serious: I can’t get putty to see the tickets.
> That makes it of no real use to me. I’m going to try installing Ubuntu on
> Windows.
I was able to reliably get putty working with GSS
putty to see the tickets. That
makes it of no real use to me. I’m going to try installing Ubuntu on Windows.
> On Oct 30, 2017, at 5:25 AM, Oleksandr Yermolenko wrote:
>
> Hi all,
>
> I'm trying to configure a Windows 7 workstation to do OTP preauth.
>
> I
On Mon, Oct 30, 2017 at 9:11 PM, Benjamin Kaduk wrote:
> On Mon, Oct 30, 2017 at 09:05:10AM -0700, Pallissard, Matthew wrote:
> > > any ideas how to implement OTP for Windows with MIT kerberos client?
> possible?
> >
> > I don't know if KFW 4.1 supports OTP b
On Mon, 30 Oct 2017 09:05:10 -0700
"Pallissard, Matthew" wrote:
> > any ideas how to implement OTP for Windows with MIT kerberos
> > client? possible?
>
> I don't know if KFW 4.1 supports OTP but what I do know is that in
> the past I couldn't get PK
thanks for your notes and direction
Oleksandr Yermolenko
On Mon, 30 Oct 2017 20:11:25 -0500
Benjamin Kaduk wrote:
> On Mon, Oct 30, 2017 at 09:05:10AM -0700, Pallissard, Matthew wrote:
> > > any ideas how to implement OTP for Windows with MIT kerberos
> > > client? possibl
On Mon, Oct 30, 2017 at 09:05:10AM -0700, Pallissard, Matthew wrote:
> > any ideas how to implement OTP for Windows with MIT kerberos client?
> > possible?
>
> I don't know if KFW 4.1 supports OTP but what I do know is that in the past I
> couldn't get PK
> any ideas how to implement OTP for Windows with MIT kerberos client? possible?
I don't know if KFW 4.1 supports OTP but what I do know is that in the past I
couldn't get PKINIT working with KFW. I had to implement heimdal on the client
end.
https://www.mail-archive.com/k
Hi all,
I'm trying to configure a Windows 7 workstation to do OTP preauth.
I've installed MIT Kerberos for Windows 4.1, put krb5.ini as for linux
and ... of course obtain the error "Generic preauthentication
failure". FAST/PKINIT anonymous unsupported ...
any ideas how
file on windows?
On Fri, Nov 18, 2016 at 04:51:03PM +, Mauro Cazzari wrote:
> One more thing: if MIT Kerberos is installed, is there a way to populate the
> KRB5CCNAME cache file automatically when I log on to Windows without having
> to use a keytab or having to run a kinit under th
On Fri, Nov 18, 2016 at 04:51:03PM +, Mauro Cazzari wrote:
> One more thing: if MIT Kerberos is installed, is there a way to populate the
> KRB5CCNAME cache file automatically when I log on to Windows without having
> to use a keytab or having to run a kinit under the covers?
MIT
s
the poster child of poor credential handling (and a ton of work is going
into cleaning that all up).
On Friday, November 18, 2016, Mauro Cazzari wrote:
> One more thing: if MIT Kerberos is installed, is there a way to populate
> the KRB5CCNAME cache file automatically when I log on
One more thing: if MIT Kerberos is installed, is there a way to populate the
KRB5CCNAME cache file automatically when I log on to Windows without having to
use a keytab or having to run a kinit under the covers?
From: Todd Grayson [mailto:tgray...@cloudera.com]
Sent: Friday, November 18, 2016
Thanks Todd. I was thinking the same thing, but I just wasn’t sure.
From: Todd Grayson [mailto:tgray...@cloudera.com]
Sent: Friday, November 18, 2016 11:34 AM
To: Mauro Cazzari
Cc: Kerberos@mit.edu
Subject: Re: Can I automatically cache AD tickets into a file on windows?
From what I understand
>From what I understand, the windows SSPI implementation does not provide a
facility to hold the credentials in a file. You would use the MIT KFW to
be able to do that.
On Friday, November 18, 2016, Mauro Cazzari wrote:
> Kerberos experts,
> Is there a way to automatically cache AD-
Kerberos experts,
Is there a way to automatically cache AD-generated tickets to the file provided
through the KRB5CCNAME environment variable on Windows without having to run a
kinit? My understanding is that Windows caches tickets in memory (whereas Unix
does the same on file). Do I need to
t.edu/kerberos/dist/#krb5-1.14
> >
> > On Thu, Nov 10, 2016 at 7:53 PM, Edward Gleeck wrote:
> >
> > Does windows mit kdc client support silent/unattended install?
> >
> > On the release notes there are some documentation on building an installer
> &
it.edu/kerberos/dist/#krb5-1.14
>
> On Thu, Nov 10, 2016 at 7:53 PM, Edward Gleeck wrote:
>
> Does windows mit kdc client support silent/unattended install?
>
> On the release notes there are some documentation on building an installer
> which is quite involved, so I was wonderi
7:53 PM, Edward Gleeck wrote:
> Does windows mit kdc client support silent/unattended install?
>
> On the release notes there are some documentation on building an installer
> which is quite involved, so I was wondering if the currently installer
> supports any install paramete
Does windows mit kdc client support silent/unattended install?
On the release notes there are some documentation on building an installer
which is quite involved, so I was wondering if the currently installer
supports any install parameters.
Thanks,
Ed
e private customer support to external parties. I will, however,
try to point you toward readily available information that should help
you with your request.
> I am contacting you on behalf of ExxonMobil IT Asset Management regarding
> your software called MIT Kerberos for Windows version 4.1
Hello Team,
I am contacting you on behalf of ExxonMobil IT Asset Management regarding your
software called MIT Kerberos for Windows version 4.1
--> In order to proceed with a request raised by one of our affiliates, please
provide your most recent End User License Agreement (EULA)
Hi! Dear Colleagues,
I'm taking my first steps in using kerberos, our goal is to
authenticate users who wish to use their Windows desktops via FreeIPA.
The issue is that we have done both FreeIPA configuration as in the
windows client, but every time I try to use my creden
There are ways to sync the AD server with the KDC, so in effect they are
separate but equal.
On Aug 20, 2016 12:14 PM, "Darren Terry" wrote:
List,
I am currently working on a project where I am required to integrate a
Windows 2012R2 domain with an existing Kerberos realm. The doma
List,
I am currently working on a project where I am required to integrate a
Windows 2012R2 domain with an existing Kerberos realm. The domain has not
been built yet so I have the luxury of having no technical debt to deal
with, I get a fresh start on the Windows side. Does anyone have experience
Hi,
I have a colleague who followed the same procedure as we normally use to
install and setup the MIT kerberkos windows client but he gets the following
error when he enters his credentials:
Ticket initialization failed.
Kerberos 5: invalid argument (error 22)
I could not find any details
On Sat, Apr 23, 2016 at 09:47:59AM -0700, Ray Van Dolson wrote:
> On Sat, Apr 23, 2016 at 09:41:47AM -0700, Ray Van Dolson wrote:
> > Using PuTTY from a domain-joined Windows 7 machine, with that machine's
> > PuTTY stack configured to allow credential delegation and conne
On Sat, Apr 23, 2016 at 09:41:47AM -0700, Ray Van Dolson wrote:
> Using PuTTY from a domain-joined Windows 7 machine, with that machine's
> PuTTY stack configured to allow credential delegation and connecting to
> a RHEL7 server, also joined to AD but *not* configured in AD to be
Using PuTTY from a domain-joined Windows 7 machine, with that machine's
PuTTY stack configured to allow credential delegation and connecting to
a RHEL7 server, also joined to AD but *not* configured in AD to be
trusted for delegation, I do not get a TGT added to my cache when I
connect.
Ho
Thanks Ross!
Much appreciated.
--Prashanth
My iPhone
> On Feb 3, 2016, at 4:35 AM, Wilper, Ross wrote:
>
> Windows Server 2012 supports AES enctypes:
>
> AES128_CTS_HMAC_SHA1_96
> AES256_CTS_HMAC_SHA1_96
>
> -Ross
>
> -Original Message-
&g
Windows Server 2012 supports AES enctypes:
AES128_CTS_HMAC_SHA1_96
AES256_CTS_HMAC_SHA1_96
-Ross
-Original Message-
From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of
Prashanth
Sent: Tuesday, February 2, 2016 12:18 PM
To: kerberos@mit.edu
Subject: Does
Hi,
Quick question guys..
I am pretty much new this.
Hence, I would like to know whether or not Kerberos works with Windows 2012 and
AES256 bit encryption.
Your help is much appreciated.
Thanks,
Prashanth
My iPhone
Kerberos mailing list
Hello dear list,
I'm sorry, my question is not directly related to MIT Kerberos, but
maybe someone can help me?!
We uses Kerberos SSO for SAP under Windows 7, joined in a AD domain.
For Windows 7 Clients who are not member of a AD domain, we use the
MIT Kerberos client.
Every thing in
This usually happens between 3 or 4 days of continuous operation.
Suddenly the title bar disappears and you can't close it by clicking the now
missing X button.
[cid:image001.png@01D14EE0.24DD0380]
Kerberos mailing list Kerberos@mit.edu
Kanhaising
Sent: Wednesday, November 25, 2015 11:31 PM
To: kerberos@mit.edu
Subject: issues getting kerberos ticket with Windows Server 2012
Sorry for my bad english.
For a school project I am implementing kerberos with active directory. To
finish this project I have to fix the next error: "KDC h
Sorry for my bad english.
For a school project I am implementing kerberos with active directory. To
finish this project I have to fix the next error: "KDC has no support for
padata type".
How can I fix this error ?
Regards,
Rishi
Kerberos mailing l
Nov 2015, Randolph Morgan wrote:
>
>> I found the answer to my question, so I thought I would share it with others
>> here on the list. To get Windows to acknowledge that a ticket has been
>> issued
> Thank you for following up!
>
>> through MIT Kerberos KfW 4.0.1 y
On Wed, 18 Nov 2015, Randolph Morgan wrote:
> I found the answer to my question, so I thought I would share it with others
> here on the list. To get Windows to acknowledge that a ticket has been issued
Thank you for following up!
> through MIT Kerberos KfW 4.0.1 you need to edit a
I found the answer to my question, so I thought I would share it with
others here on the list. To get Windows to acknowledge that a ticket
has been issued through MIT Kerberos KfW 4.0.1 you need to edit a
registry key. The key is located at: HKEY_CURRENT_USER\SOFTWARE\MIT
Kerberos\Settings
On Mon, 16 Nov 2015, Randolph Morgan wrote:
> I have installed MIT Kerberos 4.0.1 on a Windows 10 machine. Everything
> I have read indicates that the identity manager is not integrated into
> the new ticket manager. Ticket manager shows that I have received a
I'm not sure wh
I have installed MIT Kerberos 4.0.1 on a Windows 10 machine. Everything
I have read indicates that the identity manager is not integrated into
the new ticket manager. Ticket manager shows that I have received a
ticket from my krbtgt from my server, but Windows does not show a ticket
when I
On 10/23/2015 02:58 PM, Randolph Morgan wrote:
> We are running a mixed environment network. However, all of our
> authentication is performed via LDAP, we do not have an AD on our
> network, nor do we have any Windows servers, all of our servers are
> running RHEL. We ar
Hi,
I think this may be working. When I was trying to make Microsoft's AD to
authenticate to a Kerberos server and not the AD controlleurs we managed to get
a stand alone windows to authenticate to a RHEL MIT KDC. I'm not at work atm so
I can't check this on our wiki, but theses
Randolph Morgan writes:
> We are running a mixed environment network. However, all of our
> authentication is performed via LDAP, we do not have an AD on our
> network, nor do we have any Windows servers, all of our servers are
> running RHEL. We are working on implem
We are running a mixed environment network. However, all of our
authentication is performed via LDAP, we do not have an AD on our
network, nor do we have any Windows servers, all of our servers are
running RHEL. We are working on implementing a new authentication
server that is running
helpd...@mit.edu is not the correct support forum for this issue.
On Thu, 15 Oct 2015, Binder, Dale wrote:
>
> Tickets are stored in the location specified
> by environment variable
Yes, the software is doing what you tell it to do. The "MSLSA:" cache
type corresponds to the LSA integration; Kf
Please direct me to the resources that can answer the following:
* We have an open case with MS Premier Support and Kerberos for Windows
4.0.1 states "Integration with the Windows LSA credentials cache"
* We are using .NET webclient and can't seem to get the cl
1 - 100 of 1572 matches
Mail list logo