Hi,
I have setup an OpenBSD 7.2 machine running Heimdal 7.7.0 as a Kerberos
server. I then have an NFS Linux server running Arch Linux on another
machine. I then have a FreeBSD NFS client and another Arch Linux NFS
client on other physical hardware (all physical machines on the same LAN
On Sat, 30 Jul 2022, Michael Dinon wrote:
> Is it normal to have a Local Kerberos Realm configured on a brand new
> MacBook?
Wrong mailing list! You must have meant to send the question to
freebsd-questi...@freebsd.org. That is where OS X users congregate.
Cheers,
Predrag
Is it normal to have a Local Kerberos Realm configured on a brand new
MacBook?
--
Kind regards,
Mike
ve to use Kerberised SSH to perform
some work on one of .mil servers. I opened egress ports kerberos,
klogin, kshell TCP protocol as well as kerberos UDP. After the work is
finished and desktops are "logged out" routing tables (dns) are in a bad
state on the firewall. A simple
pfctl
C.MP#0 octeon
> >
> > The desktops behind the firewall have to use Kerberised SSH to perform
> > some work on one of .mil servers. I opened egress ports kerberos,
> > klogin, kshell TCP protocol as well as kerberos UDP. After the work is
> > finished and desktops are
H to perform
> some work on one of .mil servers. I opened egress ports kerberos,
> klogin, kshell TCP protocol as well as kerberos UDP. After the work is
> finished and desktops are "logged out" routing tables (dns) are in a bad
> state on the firewall. A simple
>
>
D 6.5 GENERIC.MP#0 octeon
The desktops behind the firewall have to use Kerberised SSH to perform
some work on one of .mil servers. I opened egress ports kerberos,
klogin, kshell TCP protocol as well as kerberos UDP. After the work is
finished and desktops are "logged out" routing tables (dn
Hi Misc,
I am using Edgerouter lite as a firewall/DNS cashing resolver for one of
our remote location
ubnt1# uname -mrsv
OpenBSD 6.5 GENERIC.MP#0 octeon
The desktops behind the firewall have to use Kerberised SSH to perform
some work on one of .mil servers. I opened egress ports kerberos
On 12/09/15 17:45, Friedrich Locke wrote:
> I am a little outdated, but was heimdal removed from the bsd world or it
> was just moved from the base system to the ports collection ?
>
> Thanks.
>
>
Ports
/usr/ports/security/heimdal
I am a little outdated, but was heimdal removed from the bsd world or it
was just moved from the base system to the ports collection ?
Thanks.
On Wed, Dec 09, 2015 at 11:13:40AM -0200, Friedrich Locke wrote:
> What is/are the alternative(ies) for kerberos on openbsd ? (Since is was
> removed from the distribution).
I use kerberos from ports every day with FF. Unfortunatelly
other apps from ports don't have krb flavor so you
On 09/12/15 15:13, Friedrich Locke wrote:
What is/are the alternative(ies) for kerberos on openbsd ? (Since is was
removed from the distribution).
Thanks.
Don't know if you can compile it, but the commit-remove msg is all time
classic :)
http://marc.info/?l=openbsd-cvs&m=13981610
On Wed, Dec 09, 2015 at 11:13:40AM -0200, Friedrich Locke wrote:
> What is/are the alternative(ies) for kerberos on openbsd ? (Since is was
> removed from the distribution).
It depends on your exact needs, but there's:
ports/security/heimdal
ports/sysutils/login_krb5
--
Antoine
What is/are the alternative(ies) for kerberos on openbsd ? (Since is was
removed from the distribution).
Thanks.
> Reading current.html, I noticed that KerberosV was removed. I would like
> to now why?
>
> Recentely (a year or two), it was update from 0.7 to 1.5
It is crap. Eventually we recognize the risk is to high.
Then situations change.
2014-05-01 21:14 GMT-03:00 Philip Guenther :
> On Thu, May 1, 2014 at 5:09 PM, Rodrigo Mosconi
> wrote:
> > Reading current.html, I noticed that KerberosV was removed. I would like
> > to now why?
> >
> > Recentely (a year or two), it was update from 0.7 to 1.5
>
> What was unclear about the com
On Thu, May 1, 2014 at 5:09 PM, Rodrigo Mosconi
wrote:
> Reading current.html, I noticed that KerberosV was removed. I would like
> to now why?
>
> Recentely (a year or two), it was update from 0.7 to 1.5
What was unclear about the commit message?
>> Log message:
>> The complexity and quality o
Reading current.html, I noticed that KerberosV was removed. I would like
to now why?
Recentely (a year or two), it was update from 0.7 to 1.5
On Tue, Mar 11, 2014 at 09:36:01PM -0300, Friedrich Locke wrote:
> Hi folks.
>
> May someone tell me how do i enable gssapi and krb support to sshd/ssh ?
Do you really need GSSAPI or do you just need Kerberos authentication?
If Kerberos auth is enough, you can change login.conf defaul
Or maybe not. :)
but if that's really what you want, I would start with;
http://web.mit.edu/kerberos/
You know there are modern alternatives, right?
You might want to Wiki Kerberos...
On Tue, Mar 11, 2014, at 10:39 PM, Eric Furman wrote:
> On Tue, Mar 11, 2014, at 08:36 PM, Friedrich Loc
> May someone tell me how do i enable gssapi and krb support to sshd/ssh ?
Look at diffs to the Makefile in the recent past.
> PS: i am running OBSD 5.4
As soon as you enable it, you are not running OpenBSD 5.4. You will
be on your own, and we expect you to understand that.
bsd.org/cgi-bin/man.cgi?query=kerberos&sektion=8
Hi folks.
May someone tell me how do i enable gssapi and krb support to sshd/ssh ?
Thanks in advance.
PS: i am running OBSD 5.4
On Mon, Nov 11, 2013 at 03:21:19PM -0800, Senthil Kumar M wrote:
> In kerberos(8) man page, the link no longer points to the Kerberos FAQ
> page.
>
> Can this link http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
> be changed to:
> http://www.cmf.nrl.navy.mil/krb
Hi,
In kerberos(8) man page, the link no longer points to the Kerberos FAQ
page.
Can this link http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
be changed to:
http://www.cmf.nrl.navy.mil/krb/kerberos-faq.html ?
Senthil
> Kerberos is disabled per default in SSH now?
>
> Any plans to enable it again?
I would also like to know about this (was a nasty surprise when I couldn't log
into work after a snapshot upgrade!).
Are there also plans to remove this from openssh-portable, or is this just
limite
Kerberos is disabled per default in SSH now?
Revision 1.60: download - view: text, markup, annotated - select for diffs
Wed Jun 19 05:27:06 2013 UTC (5 weeks, 5 days ago) by deraadt
Branches: MAIN
Diff to: previous 1.59: preferred, coloured
Changes since revision 1.59: +2 -1 lines
stop doing
On 2013-04-12, Rémi Bougard wrote:
> Hi,
>
> On Fri, Apr 12, 2013 at 01:06:30PM -0300, Friedrich Locke wrote:
>> Hi folks,
>>
>> i am running OBSD 5.2 and i would like to try to connect to a kerberos
>> server using php.
>>
>> In the following link h
Hi,
On Fri, Apr 12, 2013 at 01:06:30PM -0300, Friedrich Locke wrote:
> Hi folks,
>
> i am running OBSD 5.2 and i would like to try to connect to a kerberos
> server using php.
>
> In the following link http://www.php.net/manual/en/book.kadm5.php in the
> requirement
Hi folks,
i am running OBSD 5.2 and i would like to try to connect to a kerberos
server using php.
In the following link http://www.php.net/manual/en/book.kadm5.php in the
requirement section it is stated :
"No external libraries are needed to build this extension.&q
On 2011-05-08, Jason McIntyre wrote:
> On Sat, May 07, 2011 at 09:28:48PM -0500, Markus Peloquin wrote:
>> On Fri, 2011-05-06 at 16:20 +0100, Jason McIntyre wrote:
>> > On Fri, May 06, 2011 at 09:39:48AM -0500, Vijay Sankar wrote:
>> > > man 8 kerberos has the fol
On Sun, May 08, 2011 at 08:26:04AM +0100, Jason McIntyre wrote:
> On Sat, May 07, 2011 at 09:28:48PM -0500, Markus Peloquin wrote:
> > On Fri, 2011-05-06 at 16:20 +0100, Jason McIntyre wrote:
> > > On Fri, May 06, 2011 at 09:39:48AM -0500, Vijay Sankar wrote:
> > &g
On Sat, May 07, 2011 at 09:28:48PM -0500, Markus Peloquin wrote:
> On Fri, 2011-05-06 at 16:20 +0100, Jason McIntyre wrote:
> > On Fri, May 06, 2011 at 09:39:48AM -0500, Vijay Sankar wrote:
> > > man 8 kerberos has the following URL
> > >
> > > http://www.n
On Fri, 2011-05-06 at 16:20 +0100, Jason McIntyre wrote:
> On Fri, May 06, 2011 at 09:39:48AM -0500, Vijay Sankar wrote:
> > man 8 kerberos has the following URL
> >
> > http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
> >
> > It should be http://www
On Fri, May 06, 2011 at 09:39:48AM -0500, Vijay Sankar wrote:
> man 8 kerberos has the following URL
>
> http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
>
> It should be http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
>
kerberos docs are maintain
man 8 kerberos has the following URL
http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
It should be http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
--- kerberos.8 Mon May 7 13:04:03 2007
+++ kerberos.8.tmp Fri May 6 09:37:19 2011
@@ -73,7 +73,7 @@
.Pp
For more
On Wed, Nov 17, 2010 at 07:03:55AM +0100, Tomas Bodzar wrote:
> $ diff -u -p /usr/src/kerberosV/src/lib/krb5/kerberos.8 kerberos.8
> --- /usr/src/kerberosV/src/lib/krb5/kerberos.8 Wed Nov 17 06:53:36 2010
> +++ kerberos.8 Wed Nov 17 06:37:52 2010
> @@ -73,7 +73,7 @@ without giving y
$ diff -u -p /usr/src/kerberosV/src/lib/krb5/kerberos.8 kerberos.8
--- /usr/src/kerberosV/src/lib/krb5/kerberos.8 Wed Nov 17 06:53:36 2010
+++ kerberos.8 Wed Nov 17 06:37:52 2010
@@ -73,7 +73,7 @@ without giving your password.
.Pp
For more information on how Kerberos works, and other general
from IPv4:10.0.9.15 for
krbtgt/ualberta...@mokaz.com
2010-10-04T02:40:11 Server not found in database:
krbtgt/ualberta...@mokaz.com: No such entry in the database
Why am I getting these errors? Are they compiled in?
How do I quiet this?
For clients, all of my Kerberos settings are in DNS
e they compiled in?
>
> How do I quiet this?
>
> For clients, all of my Kerberos settings are in DNS; there is no krb5.conf.
>
> Here is krb5.conf on the Kerberos server:
Try adding the following into your krb5.conf:
[appdefaults]
kinit = {
afslog
On Wed, May 19 2010 at 14:21, Enrico Scichilone wrote:
> Am 19.05.2010 20:52, schrieb Claer:
> >However, on the kerberos server side, no request have been made to the
> >"claer" account :
> >May 19 20:44:56 diogene krb5kdc[18818](info): AS_REQ (8 etypes {18 17
Am 19.05.2010 20:52, schrieb Claer:
However, on the kerberos server side, no request have been made to the
"claer" account :
May 19 20:44:56 diogene krb5kdc[18818](info): AS_REQ (8 etypes {18 17 16 5 23 3
2 1}) 172.16.1.1: CLIENT_NOT_FOUND: nou...@claer.hammock.fr for
krbtgt/cla
th ssh. That's why
> > /etc/login.conf has been modified regarding auth entry :
> >
> > auth-defaults:auth=krb5-or-pwd,passwd:
> >
> > But, when I try to ssh in with -l claer, sshd doesn't seem to find
> > the "claer" passwd entry and I have this
th entry :
>
> auth-defaults:auth=krb5-or-pwd,passwd:
>
> But, when I try to ssh in with -l claer, sshd doesn't seem to find
> the "claer" passwd entry and I have this line on the kerberos server :
>
> May 19 17:18:46 diogene krb5kdc[18818](info): AS_REQ (8 etypes {18
is "/etc/afs/ThisCell". Is there a way to
> > disable this behavior?
>
> Yes.
>
> [appdefaults]
> kinit = {
> afslog = no
> }
Continuing to play with Kerberos, I'm adding ypldap into play.
This time, I'd like to use ldap to
On Wed, May 19 2010 at 17:11, Antoine Jacoutot wrote:
> On Wed, 19 May 2010, Claer wrote:
> > It seems that the client is trying to get a ticket for the afs client.
> > AFS is not enabled on my BSD box and I don't need it. The only reference
> > I found on UALBERTA.CA is "/etc/afs/ThisCell". Is the
On Wed, 19 May 2010, Claer wrote:
> It seems that the client is trying to get a ticket for the afs client.
> AFS is not enabled on my BSD box and I don't need it. The only reference
> I found on UALBERTA.CA is "/etc/afs/ThisCell". Is there a way to
> disable this behavior?
Yes.
[appdefaults]
Hello,
I'm playing with Kerberos authentification on my box and there
are some problems that I need assistance for.
For the first time I saw a lack of documentation on OpenBSD
(Weel, may be it's time to contribute :-)) regarding authentification.
The FAQ doesn't help much on Ke
On Sat, Sep 05, 2009 at 07:43:04PM +0200, soko.tica wrote:
> On 9/4/09, Joachim Schipper wrote:
> > I'm inclined to question your "should",
>
> My intention is just to give a try to Kerberos. If a few lines of
> elaboration is not too inconvenient to you, It w
On 9/4/09, Joachim Schipper wrote:
> I'm inclined to question your "should",
My intention is just to give a try to Kerberos. If a few lines of
elaboration is not too inconvenient to you, It would be great to read
it.
> Do note that FTP is pretty much a relic.
The single
On 9/5/09, Edho P Arief wrote:
3Mhz was a typo. Should have been Ghz.
In my world it's not a big deal even for healthy in informal writing.
with all servers required, everything on i386
>>> architecture. Everything will run on 4.5 stable.
>>>
>>> Since Squid and Kerberos should be deployed, and I haven't worked with
>>> any of them, could anyone tell me which of them consumes more CPU
>>> power? I
On Thu, Sep 03, 2009 at 12:56:41PM +0200, soko.tica wrote:
> Hello list,
>
> I am setting up a mini network for myself, but trying to imitate a
> full-fledged network with all servers required, everything on i386
> architecture. Everything will run on 4.5 stable.
>
> Sin
On Thu, Sep 3, 2009 at 5:56 PM, soko.tica wrote:
> Hello list,
>
> I am setting up a mini network for myself, but trying to imitate a
> full-fledged network with all servers required, everything on i386
> architecture. Everything will run on 4.5 stable.
>
> Since Squid a
soko.tica wrote:
> Also, if anyone can tell me that placing ftp/tftp private server on
> inet alias of kerberos machine is stupid (since I figured out it would
> be stupid on squid machine), please don't hesitate to say it.
On some systems kerberos refuses to install if there is an ftp daemon...
Hello list,
I am setting up a mini network for myself, but trying to imitate a
full-fledged network with all servers required, everything on i386
architecture. Everything will run on 4.5 stable.
Since Squid and Kerberos should be deployed, and I haven't worked with
any of them, could anyone
Hello all!
Installing pgsql server for the first time, I get stuck on this (which
is a part of the /usr/local/share/doc/postgresql/README.OpenBSD)
ktutil -k /etc/postgresql/krb5.keytab get postgres/server.domain
ktutil: connect(kerberos.): Connection timed out
ktutil: connect(kerberos
On Mon, 2008-04-07 at 20:48 -0700, Clint Pachl wrote:
> Is the ~/.k5user file supported in OpenBSD's Heimdal implementation? I'm
...
> BTW, what is /root/.klogin? Is it for kerberos 4? It doesn't have a man
Yes, it is (was) for krb4.
[demime 1.01d removed an attachment of
Is the ~/.k5user file supported in OpenBSD's Heimdal implementation? I'm
running OBSD 4.1.
kadmin> list *
root
pachl
default
root/root
pachl/root
pachl/admin
kadmin/admin
kadmin/hprop
kadmin/changepw
krbtgt/MOKAZ.COM
changepw/kerberos
host/htx.mokaz.com
host/kerberos.m
Dear folks,
i am losing my hear. I am in need to get a gentoo linux desktop (note:
running garbage stuff like linux is not my choice but a user
requirement) to authenticate through kerberos. For now i could do it
only on console tty and sshd server. But when i try to auth in the
local xdm/gdm
My previous message was probably a bit dense, so I'll try my best to get right
to the point.
kerberos kinit was failing, giving me the error "incorrect net address"
The kdc.log file indicated that the request was coming from ::1 (the IPv6
loopback,
is that right?)
After much l
On Tue, 03 Jul 2007 03:39:51 +
"Douglas Maus" <[EMAIL PROTECTED]> wrote:
> Could someone help me understand IP addresses, DNS, and
> Kerberos on OpenBSD?
>
> I was getting "incorrect net address" when trying to kinit,
> and I found that switch
Could someone help me understand IP addresses, DNS, and
Kerberos on OpenBSD?
I was getting "incorrect net address" when trying to kinit,
and I found that switching 2 lines in /etc/hosts
putting first
10.0.1.201 auth.my.realm auth
before
::1 auth.my.realm auth
fixed this, but I don
Diana Eichert <[EMAIL PROTECTED]> writes:
> Another poster had a suggestion you might take to heart, get a free
> e-mail account somewhere which you can control. It's actually a great
> suggestion,
I second that. Not only do you then get to speak as *yourself*, if
you set things up right you a
[EMAIL PROTECTED] wrote:
I don't have the audacity to do anything. The email signature is defined
through company policy and tacked on by the M$ Exchange Server on the
way out. I have no say and only see it when I get replies to my email.
If your company insists on such stupid policies you shou
On Tue, 5 Jun 2007, [EMAIL PROTECTED] wrote:
I don't have the audacity to do anything. The email signature is defined
through company policy and tacked on by the M$ Exchange Server on the
way out. I have no say and only see it when I get replies to my email.
But, I'm glad that you appreciate wh
Maybe he is trying to impress anyone, specially UK-based openbsd misc
subscribers, in a
meditative way possible that he works for a company in the Docklands?
Saying that configuring "this" is better and easier than Redhat Linux has no
place in
the OpenBSD mailing lists.
> On Tue, Jun 05, 2007 a
On Tue, Jun 05, 2007 at 03:16:06PM +0100, [EMAIL PROTECTED] wrote:
> I don't have the audacity to do anything. The email signature is
> defined through company policy and tacked on by the M$ Exchange
> Server on the way out. I have no say and only see it when I get
> replies to my email.
Have you
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Diana Eichert
Sent: Tuesday, June 05, 2007 1:55 PM
To: misc@openbsd.org
Subject: Re: OpenBSD and Kerberos Client
> Signal to Noise ratio high in your last post.
>
> You think you trim some of the
> [EMAIL PROTECTED] wrote:
>>
>> please consider the environment before printing this e-mail.
>>
aha, that's why we can only get an 8A feed at Harbour Exchange,
the power is used up for .sig transmission (-:
This must be another troll wandering in the Docklands area.
> Signal to Noise ratio high in your last post.
>
> You think you trim some of the fat from your e-mails in your future posts?
>
> In your last e-mail you had a 4 line replay and 30 lines telling me how to
> locate you, get in touch with
On 05/06/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
I've also found some people complaining that keytabs created on a
different server than the one in which they are meant for do not work
very well.
In my small amount of testing/playing with it I had a keytab generated
on FreeBSD server
On Tuesday 05 June 2007 07:59, [EMAIL PROTECTED] wrote:
> Any chance you could help write up some documentation? Kerberos on
> OpenBSD doesn't really have any good docs that I could find. Maybe I
> could then retry this effort in the future. For expediency though, I
> will have
[EMAIL PROTECTED] wrote:
Perhaps, but I think you will have to take it on the heimdal lists,
I'm fairly sure it does interoprate with various kinds of krb5
implementations, not just the MIT one. We make the AD hang of our
heimdal servers here, so if heimdal can talk to Bill-kerberos,
it s
On Tue, Jun 05, 2007 at 01:59:07PM +0100, [EMAIL PROTECTED] wrote:
> Any chance you could help write up some documentation? Kerberos on
> OpenBSD doesn't really have any good docs that I could find. Maybe
> I could then retry this effort in the future. For expediency
> thoug
On Tuesday 05 June 2007 14:59:07 [EMAIL PROTECTED] wrote:
> Any chance you could help write up some documentation? Kerberos on
> OpenBSD doesn't really have any good docs that I could find. Maybe I
> could then retry this effort in the future. For expediency though, I
> will have
-Original Message-
From: Janne Johansson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 1:56 PM
To: David Rogal
Cc: misc@openbsd.org
Subject: Re: OpenBSD and Kerberos Client
>[EMAIL PROTECTED] wrote:
>>> Might I suggest you try this from the OBSD box:
>>> /us
Signal to Noise ratio high in your last post.
You think you trim some of the fat from your e-mails in your future posts?
In your last e-mail you had a 4 line replay and 30 lines telling me how to
locate you, get in touch with you via snail mail, tele, FAX and e-mail.
Also, it was apparent the
r
heimdal servers here, so if heimdal can talk to Bill-kerberos, it should
manage MIT too. ;)
Johansson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 12:53 PM
To: David Rogal
Cc: misc@openbsd.org
Subject: Re: OpenBSD and Kerberos Client
> Might I suggest you try this from the OBSD box:
> /usr/sbin/ktutil -k /etc/kerberosV/krb5.keytab get \
> -p myname/[EMAIL PROTECTED] hos
[EMAIL PROTECTED] wrote:
-Original Message-
From: Janne Johansson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 11:09 AM
To: David Rogal
Cc: misc@openbsd.org
Subject: Re: OpenBSD and Kerberos Client
[EMAIL PROTECTED] wrote:
Hello all, I'm having a problem setting up ker
emotely, then I simply can't use Heimdal. A
> 'catch 22' which makes OpenBSD unusable for us in this circumstance.
>
> Perhaps this is an incentive for Heimdal developers to get kadmin to
> work with MIT Kerberos. That would help increase its userbase.
>
>
perhaps
-Original Message-
> From: Janne Johansson [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 05, 2007 11:09 AM
> To: David Rogal
> Cc: misc@openbsd.org
> Subject: Re: OpenBSD and Kerberos Client
>
> [EMAIL PROTECTED] wrote:
>> Hello all, I'm having a problem s
On 05/06/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
Hello all, I'm having a problem setting up kerberos on an OpenBSD
system. Please advise as you can.
Thanks!
In my research about Kerberos I encountered statements that Heimdal
(what is in OpenBSD) and MIT (what seems to
[EMAIL PROTECTED] wrote:
Hello all, I'm having a problem setting up kerberos on an OpenBSD
system. Please advise as you can.
...8<...
I then tried kadmin on krbc2, which doesn't work. It doesn't even bother
with trying to get to the admin server. It just gives me a prompt
Hello all, I'm having a problem setting up kerberos on an OpenBSD
system. Please advise as you can.
Thanks!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
LEGEND (names changed for security)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
kdc = linux box, kdc and kerberos admin server
krbc1 = krb5 c
On Mon, Mar 12, 2007 at 08:27:46PM -0300, Gustavo Rios wrote:
> I would like to prevent password authentication for users that does
> not have a valid /etc/passwd password entry. It that possible?
> My current configuration retrieves the kerberos server login password!
> How coul
I would like to prevent password authentication for users that does
not have a valid /etc/passwd password entry. It that possible?
My current configuration retrieves the kerberos server login password!
How could it be done?
thanks in advance.
From: [EMAIL PROTECTED]
> you may have to fish online for some of the option
> descriptions since stuff like
> correct_des3_mic aren't in the manpage for krb5.conf. is
> there any plan to
> update the manpage with these missing options?
Nope. gssapi(3) has that and more.
DS
Original message
>Date: Sat, 15 Jul 2006 23:18:53 -0300
>From: "Gustavo Rios" <[EMAIL PROTECTED]>
>Subject: Kerberos
>To: misc@openbsd.org
>
>Well, here i am again.
>
>I was expecting that the granted ticket always hold the address to
>whi
Well, here i am again.
I was expecting that the granted ticket always hold the address to
which it is valid. After obtaining a ticket by means of kinit, i got
the following:
$ kinit
[EMAIL PROTECTED]'s Password:
$ klist -v
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: [EMAIL PROTECT
pt i can't ssh out
> from the KDC using
> kerberos auth. messing with broken_des3_mic = host/[EMAIL PROTECTED]
> will probably fix
> that, haven't tried it yet.
>
> i think this reflects that current has heimdal 0.7 and 3.9
> release has 0.6. see
> http://www.thebestisp.
this works for you, I'd be interested in knowing what the exact
>nature of the problem is, I hate fixing something blindly without knowing
>why it's fixed.
>
this has fixed most of the problems, except i can't ssh out from the KDC using
kerberos auth. messing with broken_de
sn't
> show anything extra and it's not clear how to, if possible,
> turn up the kerberos
> log level.
>
> any advice would be appreciated. i suspect that this is some
> issue related to
> the KDC runnning current and the other machines being on 3.9 release.
I ran into
On Sun, 2006-07-09 at 18:58 -0500, Jacob Yocom-Piatt wrote:
> any advice would be appreciated. i suspect that this is some issue related to
> the KDC runnning current and the other machines being on 3.9 release.
this shouldn't matter as the language heimdal speaks is the same,
for the most part as
kerberos is setup to authenticate ssh sessions on my local network. it works
fine to and from all the machines on the network except for the KDC itself.
kerberos auth fails when sshing to or from the KDC. the logs of these failures
from /var/heimdal/kdc.log, /var/log/authlog and ssh -vvv outputs
please try the version from ftp.sernet.de there is also heimdal
for krb support with samba.
Thomas
Am Dienstag, den 06.06.2006, 17:06 +0200 schrieb Thomas Schoeller:
> hi list,
> i try to build the samba ldap port with kerberos support. i have added
> the --with-ads --with-krb5 optio
choeller wrote:
> hi list,
> i try to build the samba ldap port with kerberos support. i have added
> the --with-ads --with-krb5 options to the Makefile. but the configure
> script reported:
> checking whether LDAP support is used... yes
> checking for Active Directory and krb5 su
hi list,
i try to build the samba ldap port with kerberos support. i have added
the --with-ads --with-krb5 options to the Makefile. but the configure
script reported:
checking whether LDAP support is used... yes
checking for Active Directory and krb5 support... no
maybe the missing krb5-config
Good day,
I am trying to set up a network with OpenBSD 3.9 as core of a single
sign-on solution using Kerberos5 authentication, OpenLDAP as the
directory service, with Samba serving Windows clients. I followed the
steps in "info heimdal" and can get tickets. I then set up OpenLDAP,
added the schem
1 - 100 of 101 matches
Mail list logo