Hello,
My name is Jake Monaco and I'm the Music Technology Specialist at the
University of Richmond. We just recently upgraded to Mac OS X 10.4. When one
student connects to his or her file share, the name and password are sticking
even when the file share is trashed. We are prompted with th
When attempting to join an Active Directory I get the following error: I
cannot find any information on what this is.
Nov 6 15:17:58 usra1itest01 net[22944]: [ID 702911 user.error]
ads_connect: Illegal byte sequence
Eric Decker
Server/Network/Voice
tyco /ELECTRONICS
8000 Purfoy
I am hoping to find out if Kerberos
can be used on any network...For exampleI have a client that has been told
that Kerberos can only work on Symbol access pointsIs that true. I am
looking to see if it can be utilized in an open architecture
environmentIntegrating either Cisco
Hello -
I am trying to find out whether there is a version of kerberos/sidecar for palm os.
My server at work requires sidecar to gain access to certain resources. I am using a
Palm Tungsten C.
Thanks for any help you can provide
Dan
Kerberos
Hi,
I am a first time user of Kerberos, so please
apologize if questions are naive.
I downloaded Kerberos v4 from mit web site.
I untar-ed and read README file.
When I try to run: configure script, I see error:
$ ./configure
Configuring for a i686-unknown-linux host.
Invalid configuration `i686-
Hi
Would anyone on your team happen to know if Kerberos has ever been
implemented with a PeopleSoft PeopleTools 8.49 application?
Thanks
Chip Kibler
Sr PSE, PeopleSoft Support Services
Rimini Street, Inc.
ckib...@riministreet.com
www.riministreet.com
Office 972.539.5968
Cell 940.536.8393
_
On Aug 31, 2005, at 1:28 PM, Monaco, Jake wrote:
Hello,
My name is Jake Monaco and I'm the Music Technology Specialist at
the University of Richmond. We just recently upgraded to Mac OS X
10.4. When one student connects to his or her file share, the name
and password are sticking even
I'm continuing work on our NeXauth Product (http://www.nexauth.com) and
I'm having a problem duplicating the Kerberos process.
In reading the RFC's it seems as though the encrypted data in the
packet should be able to be decrypted if we have the proper password.
However, the encrypted data changes
Hello Everyone. I am building a webmail server that uses Kerberos to
authenticate users to our Active Directory servers. My problem is that the
users that need to access this system are across multiple domains (example:
[EMAIL PROTECTED], [EMAIL PROTECTED]). Is there a way for Kerberos to handle
Hello folks,
I'm trying to find a way to authenticate a username and password pair
regardless of whether the password is expired or not. When using
Authen::Krb5, if an accounts pw is expired, regardless of the password I
use to try to get a ticket, it will give me the error that the password
is e
Hi,
I'm new to kerberos and want to ask this:
I have a no-domain netwerk (just a workgroup) with mostly *nix computers
and have to try-out Kerberos on W2k AS. Any advise on how to do this,
please?
Thanks,
Huub
Kerberos mailing list Ke
For Kerberos on a firewall would i have to have both inbound and
outbound allowed. Or will it just work with outbound?
Thanks
Miki
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
22 bytes after the start of the padata
field.
So my question is:
Does the padata-value part of padata contain ASN.1 fields, or is it
simply a string of raw bytes? If it is just a set of raw bytes, how
should i be parsing the padata-value field so that i get the
encryption type and timest
Hi,
I have 2 questions on the installation of Heimdal:
1: I'm running an NFS-workgroup (various *nix pc's) with 1 Windows pc.
Can I run a Heimdal/Kerberos server in it or do I have to physically
separate them?
2: I'm trying to install Heimdal/AFS op NetBSD 2.1/amd64 but despite
reading the FA
Hi,
For some time I've been trying to setup a Kerberos environment, but
without much luck. Now I've found
http://www.xml-dev.com/blog/index.php?action=viewtopic&id=21 which shows
1 client, 1 Authentication server and a Ticket Granting server. Is this
the correct way to set it up, i.e. with 2 s
I was going to set up NIS in a small lab, but now am considering LDAP,
Kerberos, or NIS+ instead. However, the question I need to answer first is
if they support Solaris 2.6, 8, and 10? Also, I would think Kerberos would
be optimal due to the tight security needed, however I would like to know
Dear sir or madam,
Every time windows starts, Kerberos prompts me for my password. How do I set
it so that it doesn't load automatically and doesn't sit in my system tray?
Thanks,
Ryan
-
Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the
I am very interested in the Kerberos authentication protocol, and was simply
wondering whether I needed special permission to post a quick overview of
the protocol on my site, and link to your official MIT page. Thanks a lot.
Kerberos mailing list
We are testing out some new policies. (MIT Kerberos5 1.4.3)
We have found that a privileged principal "ROOT/[EMAIL PROTECTED]"
cannot overrule the password history policy on a standard principle but
it can/does ignore the password minimum life.
Is this a feature or a bug?
Hi ,
We are a small community college and we have a Windows 2000 network with
one domain and almost all of our computers are on this domain. Our web
servers and Database servers are also members of this domain. We were
looking at SSO and I was wondering if we have to implement MIT Kerberos to
This is probably a stupid question but the docs I have been reading have forced
me to ask. If the master goes down the slave should automatically pick up the
authentication requests, correct?
So far, from what I have read, it says that I need to copy the db over, stop the
master, start a couple
Hi, i am new to this forum. So if i am writting to wrong thread please don't
blame me.
The question i have is following:
i have msktutil which must generate keytab file for authentication against AD
(active directory).
Manual says: just type msktutil --create and keytab file will be gene
How can I get detailing about your Product line ... ?
Dr. Wong
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
Sorry if this is a bit newbie ..
This is my hypothetical scenario:
I have a client process that authenticates to the KDC.
I get a TGT as part of that transaction I think.
I go back to the TGS with my TGT and get a ticket to access some service.
Now that service ticket should be encrypted with a k
[EMAIL PROTECTED] (Daniel E. McGinley-Smith) writes:
> I am trying to find out whether there is a version of kerberos/sidecar
> for palm os. My server at work requires sidecar to gain access to
> certain resources. I am using a Palm Tungsten C.
>
> Thanks for any help you can provide
>
> Dan
Curr
Hi!
I would like/must to make a big system, for that I thought I make with
kerberos. My question is that it's possible that the user info's come from
LDAP the authentication be the kerberos? And at last I have lot of
workstations with windows, the kerberos can serve user and pa
Where can I get instructions to compile the kerberos code on Windows
using MS VC ?
Thanks
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
I am trying to write a script to create users. In some parts of the script I need to
have a plain admin ticket and using the command:
kinit -c /tmp/admin.cache
gets me one happily.
In another part of the script I need to set the user's password. For this I need a
kadmin ticket which I c
Jack J <[EMAIL PROTECTED]> writes:
> I am a first time user of Kerberos, so please
> apologize if questions are naive.
> I downloaded Kerberos v4 from mit web site.
> I untar-ed and read README file.
If you're a first-time user of Kerberos, you almost certainly do not want
Kerberos v4. You want
Final question for today: is it explicitly disallowed for separate realms
to map to a single DNS domain in [domain_realm] section? We have a
situation where users belonging to separate realms are in the same DNS
domain and cross-realm authentication for these users is a must. When I
tested this
greetings,
my understanding is that the KRB_AP_REP is returned by the host when
mutual authentication is requested by the client. as part of the
client authenticator, it can choose to provide (among others)
checksum, seq_no, subkey. however, in the KRB_AP_REP message, only
seq_no and subkey are
I would like to understand Kerberos authentication at a fundamental
level, and most of my research is turning up examples that are way too
complicated or way too simple...
Do you know of (or could jot down) a basic, packet-level breakdown of
the authentication process?
By that, I mean, what th
I'm running a KCD/kadmind on a Fedora box using Fedora's packages (1.3.1
release 6) and am having problems with my wildcarded ACLs.
My situation is that I have a DNS domain with a very large number of
subdomains (and subsubdomains etc. ad nauseam) whose computers may require
host principals. I
I have been asked to verify that the patches at the below url have been
applied to the 1.3.5 src and not being a developer I have a question.
http://diswww.mit.edu:8008/menelaus.mit.edu/krb5-bugs/3316
http://diswww.mit.edu:8008/menelaus.mit.edu/krb5dev/5986
The first patch on get_myaddress.c I
cator together to
the server for authentication. My question are:
1) Can I put the authenticator and ticket into MY application's message
instead of Kerberos's Application Request message? For example, convert the
authenticator and ticket into hex-coded string and put this stri
Please tell me how kerberos solve below problem?
if one knows your userID and send it to Authenticaton Server of
kerberos and receive the TGS ticket.
he can break the encryption off-line and capture the private key of
that user.
Kerberos mailing l
In Kerberos 1.5, krb5_sname_to_principal calls krb5_get_host_realm which (when
KRB5_DNS_LOOKUP is defined) causes DNS to be queried for a _kerberos.FQDN TXT
RR when no applicable domain_realm entry is found and dns_lookup_realm is set.
In 1.6 the KRB5_DNS_LOOKUP ifdef'ed code was removed. This me
Hi all,
I work on a security library that provides access to Kerberos through
GSS-API. We are trying to log Kerberos errors using gss_display_status. We
have noticed that the same error code can, at different times, produce
either a helpful or an unhelpful error message. Sometimes this seems to
de
Greetings,
I currently have a MIT KDC where I need to use the des-cbc-crc:normal
encryption type on *one* service principal. The rest of my KDC all
principals can be aes or rc4. I'm confused as to what I need in my
config and what will work.
If I just have aes256-cts:normal and rc4-hmac:norm
Can I use capitalization in names used in kerberos domain?
I am bumping into a issue when capital letters are used in domain but not in
the hostname only.
Details below.
Needless to say all sort of other authentication also fails.
[r...@nf-arktest-sto ~]# hostname
nf-ArkTEST-sto.ArkTEST.name.com
Hi... I'm hoping that questions about MIT Kerberos for Windows are
on-topic here. Apologies in advance if this is not the case.
We have a Samba 3 domain and also separate MIT Krb5 KDCs, where the
principal names match the Samba userids. On previous Windows XP
machines with Kfw 3.x installed, Kfw
I am still testing kerberos pretty thoroughly. Now I am at SPNEGO.
I was able to have it to work (with firefox) when calling simple URI
such as http://host.domain.tld but not when calling
http://host.domain.tld/test_dir.
I did change the negotiate URI field in firefox configuration, but did
n
Hi,
I think I have the basic binaries installed correctly, but I just
can't figure out where to go from here. I created a user 'juergen'
(with addprinc') who can get a ticket with kinit OK. Or so I think:
klist gives me the following output:
---
Ticket cache: FILE:/tmp/krb5cc_1001
Default princ
I have a V4 server set up and want to connect a V5 client to it
Is there anything that I need to do to tell the client that it is connecting
to a V4 server? If so, where, and what field?
I try to connect, and get:
kinit: Initial Ticket response appears to be Version 4 error while getting
i
Hi,
Here's a question. Lets say that we have a UNIX
computer that is in a Kerberos realm, and an untrusted
user has "root" access. If some other user happens to
log in to that computer, then the root user can
symbolically link their ticket cache file to that of
any user that has
ldap server.
I have the slave openldap server in location B with a krb5.keytab with an
entry for ldap/[EMAIL PROTECTED]
I am setting replication between the two sites with a Kerberos principal
called replicator.
My question is: can I use the same keytab to hold the keys to the same
service but
Hello
I don't know if you have enough time to answer to me
If there is a forum or something more approprated to do that, can you
tell me ?
So ...
I have a general question about kerberos :
It concerns the KRB-AS-REP message where there is 2 encrypted parts :
* Part 1) One included i
--On Wednesday, September 21, 2005 07:07:03 -0700 NetSteady
<[EMAIL PROTECTED]> wrote:
In reading the RFC's it seems as though the encrypted data in the
packet should be able to be decrypted if we have the proper password.
However, the encrypted data changes with every attempt we send, and we
c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 22 Sep 2005 at 11:36 (-0500), Digant C Kasundra wrote:
I'm trying to find a way to authenticate a username and password pair
regardless of whether the password is expired or not. When using
Authen::Krb5, if an accounts pw is expired, regar
Ah, that work. I tried to get a ticket for kadmin/changepw instead of a
TGT for the realm. Thanks for the lead!
-- DK
On Thu, 2005-09-22 at 10:09 -0700, Mike Friedman wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thu, 22 Sep 2005 at 11:36 (-0500), Digant C Kasundra wrote:
>
> "digant" == Digant C Kasundra <[EMAIL PROTECTED]> writes:
digant> Ah, that work. I tried to get a ticket for kadmin/changepw
digant> instead of a TGT for the realm. Thanks for the lead!
Please remember that you need to verify the ticket you get, or else an
attacker could collude with an i
pw is expired, regardless of the password I
>use to try to get a ticket, it will give me the error that the password
>is expired. How can I verify the username and password?
This isn't actually a Perl question.
You need to request an initial ticket for a password-changing
service, rather t
Actually, I lied. I did create a new service/checkpw principal and gave
it the pw change service flag and that's what I'm using to check the
password. I should probably verify that ticket with a keytab.
On Thu, 2005-09-22 at 13:54 -0400, Tom Yu wrote:
> > "digant" == Digant C Kasundra <[EMA
yes.
There is a domain to realm mapping section in krb5.conf
--
vj
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
I'm actually speaking about the enc-part of the Kerberos packet itself,
not in the ticket. Is this the part you were speaking of?
Our problem is that we're trying to validate the password for the user
when we receive the AS-REP packet, but for some reason, we cannot find
where to get the encryptio
Maybe this helps (from
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/4a1daa3e-b45c-44ea-a0b6-fe8910f92f28.mspx
)
Markus
KRB_AS_REP Message Contents
The message includes:
. A TGS session key for the user to use with the TGS, encrypted with
the user key d
On Sep 29, 2005, at 14:32, NetSteady wrote:
I'm actually speaking about the enc-part of the Kerberos packet
itself,
not in the ticket. Is this the part you were speaking of?
Any EncryptedData object. The specs in RFC 3961 specify how
encryption is done. For all (I believe) currently defin
NetSteady wrote:
> We are just trying to replicate the proceses that Kerberos for Windows
> goes through, and the only traffic that we see from a windows machine
> to a Kerberos KDC is the AS-REQ and AS-REP exchange. The process is
> supposed to be as simple and fast as possible for password valida
We are just trying to replicate the proceses that Kerberos for Windows
goes through, and the only traffic that we see from a windows machine
to a Kerberos KDC is the AS-REQ and AS-REP exchange. The process is
supposed to be as simple and fast as possible for password validation,
as our possible imp
Hi all,
I am working to modify a SSO app called Cosign. I want it to try to
authenticate to multiple realms. I actually have it doing that now. However,
someone has brought up a good question. Right now, I only have an Active
Directory realm and a Unix realm. However, if I want to add
Huub wrote:
Hi,
I'm new to kerberos and want to ask this:
I have a no-domain netwerk (just a workgroup) with mostly *nix computers
and have to try-out Kerberos on W2k AS. Any advise on how to do this,
please?
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
Mikiala Malabon wrote:
> For Kerberos on a firewall would i have to have both inbound and
> outbound allowed. Or will it just work with outbound?
>
> Thanks
> Miki
If you want clients inside the firewall to be able to contact KDCs
outside the firewall, you need to open outbound.
If you want cli
On Wed, Dec 07, 2005 at 10:40:41AM -0500, Luke wrote:
> So my question is:
> Does the padata-value part of padata contain ASN.1 fields, or is it
> simply a string of raw bytes? If it is just a set of raw bytes, how
> should i be parsing the padata-value field so that i get the
ame
> host/hostname.example.com
>
> My question is this: do I have to type host/ just like that or do I have
> to fill in something?
Yes, just like that. In this way you create a host service principal.
> Also, it says that it fails to find the server, but I'm doing this on
ample.com
>> kadmin> ext keytab -k /tmp/krb5.keytab-hostname
>> host/hostname.example.com
>>
>> My question is this: do I have to type host/ just like that or do I
>> have to fill in something?
>
>
> Yes, just like that. In this way you create a host se
> kadmin> add --random-key host/hostname.example.com
>>> kadmin> ext keytab -k /tmp/krb5.keytab-hostname
>>> host/hostname.example.com
>>>
>>> My question is this: do I have to type host/ just like that or do I
>>> have to fill in somethin
lowing I have to do this:
>>>>
>>>> kadmin -p alice/admin
>>>> kadmin> add --random-key host/hostname.example.com
>>>> kadmin> ext keytab -k /tmp/krb5.keytab-hostname
>>>> host/hostname.example.com
>>>>
>>>> My
>>>> I'm setting up a kerberos/heimdal server and according to the steps
> >>>> I'm following I have to do this:
> >>>>
> >>>> kadmin -p alice/admin
> >>>> kadmin> add --random-key host/hostname.example.com
>
On Jan 5, 2006, at 09:06, Huub wrote:
> For some time I've been trying to setup a Kerberos environment, but
> without much luck. Now I've found
> http://www.xml-dev.com/blog/index.php?action=viewtopic&id=21 which
> shows
> 1 client, 1 Authentication server and a Ticket Granting server. Is
> thi
Hallo,
I have a short question:
I have tried out the Kerberos system under Windows XP. It seems, that for
Windows, there is only a Windows Client for Kerberos available.
Please give me an information, where I can find the kadmin server for this
OS.
Should it build through the sources
Can somebody explain the what is going on with
"if(authenticator->cksum == NULL) return -17;"
(see below). I am getting this wierd error -17 out
of NetBSD's telnetd when trying to connect with
Hummingbird's telnet client. Is an authenticator
checksum optional? Or is it truly an error?
Than
I'm running the Leash client Version 2.6.3.20040525 to authenticate to
Kerberos 5. The authentication process runs very quickly both from work
and anywhere I travel (laptop, hotels, wireless, wired, etc.). However,
whenever I authenticate from home via my ISP cable modem, it takes
literally 2 min
I'm running the Leash client Version 2.6.3.20040525 to authenticate to
Kerberos 5. The authentication process runs very quickly both from work
and anywhere I travel (laptop, hotels, wireless, wired, etc.). However,
whenever I authenticate from home via my ISP cable modem, it takes
literally 2
On Saturday, May 13, 2006 10:29:38 AM -0700 Vasken Houdoverdov
<[EMAIL PROTECTED]> wrote:
> I am very interested in the Kerberos authentication protocol, and was
> simply wondering whether I needed special permission to post a quick
> overview of the protocol on my site, and link to your offici
Borislav S <[EMAIL PROTECTED]> writes:
> Hello
> What license is the MIT source code distrubuted under. I found
> copywright notices but no mention of a license. Thanks.
The license for MIT Kerberos is found at the bottom of the README file.
Maybe you thought it was only a copyright and not a lic
Russ Allbery wrote:
> Borislav S <[EMAIL PROTECTED]> writes:
>
> > Hello
> > What license is the MIT source code distrubuted under. I found
> > copywright notices but no mention of a license. Thanks.
>
> The license for MIT Kerberos is found at the bottom of the README file.
> Maybe you thought it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've been testing authentication code that is intended to work with an
Active Directory KDC, as well as with an MIT K5 KDC, and which uses the
MIT K5 libraries. This is 'proxy auth', where I do the AS_REQ and also
process the AP_REQ in the same code
I've currently got a Heimdal KDC setup for testing. From the testing network, I
can succesfully get tickets via kinit, and ssh with the ticket between servers.
Now, I'm trying to get the Windows desktop side working. Right now, I can
authenticate (using SecureCRT with Kerberos support) but only whe
Hi all,
I use ethereal to track some kerberos authentication on windows. I
notice there are two consecutive trips of TGS-REQ and TGS-REP. I
thought it should be only one. However the realm of both TGS-REQ are
different.
One is cifs and another one is krbtgt.
What does it indicate?
Thanks
Joe
Firoz Allahwali wrote:
> Hi ,
>
> We are a small community college and we have a Windows 2000 network with
> one domain and almost all of our computers are on this domain. Our web
> servers and Database servers are also members of this domain. We were
> looking at SSO and I was wondering if
.
4) Change the master kerberos server CNAME to point to the new master.
5) Reconfigure propagation from the new master to the remaining slave.
After fixing the failed system we can bring it back up as a slave and put
it back in the pool.
-Mike
> This is probably a stupid question but th
greeting to you.
I'm ayu, a comp science student. Currently i'm doing a research about
Kerberos that have been developed as part of project athenna at MIT.
so would you give me an information about the requirement for kerberos and
the authentication dialog in both kerberos Version 4
Hello all,
We're in the process of enabling additional enctypes in a K5 realm that
previously only had DES keys. Our kdc.conf file now reads (in part):
master_key_type= des-cbc-crc
supported_enctypes = des-cbc-crc:normal des3-cbc-sha1:normal aes256-cts:normal
I've rekeyed the krbtgt key of
Hello MIT!
I was looking at my event viewer on my server and was wondering what Kerberos
was when I came across it trying to log on to the machine. I read the 'What is
Kerberos' on your website but I still have a question. Is logging on, or
attempting to, under Windows 2003 Serv
n_after_close = false
minimum_uid = 0
try_first_pass = true
}
--
View this message in context:
http://www.nabble.com/Apache-Authentication-Question-tf2655798.html#a7407934
Sent from the Kerberos - General mailing list archive at Nabble.com.
I have written a tool which processs GSSAPI tokens and loops forever. Since
it may run for a long time I try to check with valgrind that it doesn't leak
memory.
I noticed the following two valgrind messages:
==866== 128 bytes in 4 blocks are still reachable in loss record 2 of 4
==866==at 0
Hello, new to the list here, hope this hasn't been answered yet. Is there a
domain length restriction when attempting to add a server to the list. I had
issues with a server whose domain was 32 characters long, not by my choice, and
it would cause kdcsetup to crash every single time I attempte
My application tries to renew credentials with krb5_get_renewed_cred about
every 5 minutes for the default principal. Will a following
gss_init_sec_context request a new service principal or do I need to call
krb5_get_renewed_cred also for the service principal ?
I see the following when renewi
Hi,
I am trying to understand how gss_acquire_cred works.
When trying gss_server and gss_client - sample programs : When
gss_server run as user root the gss_acquire_cred function executes without
any errors. (The service principal key is added to the keytab file)
When I execute gss_server
Michael Lysenko wrote:
> Hi, i am new to this forum. So if i am writting to wrong thread please don't
> blame me.
>
> The question i have is following:
>
> i have msktutil which must generate keytab file for authentication against AD
> (active directory).
>
>
hi list,
As I was playing arround with krb5.conf and kadmind daemon, I face this.
If the "default_realm = xx" entry is removed from krb5.conf file. Then
the kadmin deamon started well with "kadmind -r ".
But when I was starting kadmin interface, it failed saying:
# kadmin -p admin/admin -r
Authe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I initially sent this to krbdev, but in retrospect it probably more
rightly belongs here.
Hello,
I am attempting to set up pkinit authentication with the kerberos 1.6.3
code, and havind trouble figuring out what is needed to get the kinit
client to u
it in a HP notebook.
And here is my question:
Did any of you ever had to replace this particular HP spare part and
did you replace it with something else than from HP and how did it
work?
Thanks in advance for your advice.
Best regards,
Gene
Ker
Thank you very much for answering my question.
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
[145](info): DISPATCH: repeated (retransmitted?) request from 0.0.0.0 port 39968, resending previous !
!
response
We are very new to Kerberos -- so sorry if this question is trivial. Any suggestions would be really helpful and greatly appreciated.
Thanks,
MonicaDo You Yahoo!?
Yahoo! Health - Feel be
Hi all,
I've created 1,000+ KDC accounts, each one having a ticket life of 1 minute. I left it overnight with three clients logged in, and when I checked the krb5kdc.log this morning, I see the TGS and AS requests coming through every SECOND for those three accounts.
Do you know why the KDC would b
>So does the service need to contact a KDC to validate the ticket when it
>receives my call?
No, that's the beauty of Kerberos.
-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com
Kerberos mailing list [EMAIL PROTECTED]
https
> No, that's the beauty of Kerberos.
Thanks Luke.
Someone tells me they've been sniffing and found that one particular
implementation does in fact hit the KDC to validate the ticket.
I wonder if it's actually hitting the KDC for some other purpose.
Getting further information perhaps .. I guess th
authorisation data.
In practice the only the Local Security Authority has access to the
service key so this attack would not be possible. It certainly adds
a layer of complexity as far as interoperability is concerned.
-- Luke
>From: [EMAIL PROTECTED] (Tony Cowan)
>Subject: Re: Architectural Qu
[EMAIL PROTECTED] (Tony Cowan) writes:
> Someone tells me they've been sniffing and found that one particular
> implementation does in fact hit the KDC to validate the ticket.
> I wonder if it's actually hitting the KDC for some other purpose.
> Getting further information perhaps .. I guess the "s
1 - 100 of 665 matches
Mail list logo
