GSS/kerberos credential mapping

2009-10-27 Thread Mike Gerdts
I'm trying to understand the feasibility of leveraging Kerberos provided by an existing Active Directory implementation for use with Solaris machines. The tricky part of it is that the user names chosen in AD are all 9-digit numbers, which are not compatible with OpenSolaris, Solaris, etc. I'

GSS/kerberos credential mapping

2009-10-27 Thread Henry B. Hotz
AFAIK, all current, common mapping mech's are many-to-one --- the one being the unix username. The other direction is not properly defined. I forget if the AD UPN is multi-valued or not. If so, then it offers no particular solution for the problem. Even if that attribute is single-valued

Granting process privileges

2009-10-27 Thread casper....@sun.com
>On Mon, Oct 26, 2009 at 4:30 AM, Joep Vesseur wrote: > >> >> It's currently not possible without adding some extra steps. >> Either you'd need to install the binary setuid-root > > >Just curious ... does SUID work anymore? I don't think it does, because >recently I added SUID to a binary and w

How to change the signature algorithm from MD5 to SHA1 in OpenSSL

2009-10-27 Thread Dan Anderson
If you're going to go through the trouble of changing the signature algorithm from MD5, choose a strong algorithm instead of another weak one. SHA1, although not as weak as MD5, is not recommended either. See this comment from NIST: "NIST Comments on Cryptanalytic Attacks on SHA-1" http://cs

Granting process privileges

2009-10-27 Thread Joep Vesseur
On 10/26/09 23:20, Christine Tran wrote: > Just curious ... does SUID work anymore? Sure it does. That's how su(1) still works, and basically all the binaries that use extra privilege (ping, crontab, rlogin, pfexec, etc). > I don't think it does, because > recently I added SUID to a binary and

How to change the signature algorithm from MD5 to SHA1 in OpenSSL

2009-10-27 Thread Wolfgang Ley
Hi, this has been answered yesterday. Please see the forum postings. You'll have to add the "default_md=sha1" line to the [ req ] section in the config file (not just modify the default_md entry in the ca section as this one is not used for the req command). In addition: You're not running Ope