Alexey Beketov wrote:
Hello, I'm trying to setup replace AD with samba, already have working
samba+ldap. And stuck with kerberos.
pkg_info:
heimdal-1.0.1
nss_ldap-1.264_1
openldap-client-2.4.13
openldap-server-2.4.13
cat /etc/krb5.conf
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log
reebsd-
> [EMAIL PROTECTED] On Behalf Of Sahil Tandon
> Sent: November 16, 2008 11:10 PM
> To: freebsd-questions@freebsd.org
> Subject: Re: Kerberos in FreeBSD
>
> Ansar Mohammed <[EMAIL PROTECTED]> wrote:
>
> > Any reason why the port of HEIMDAL is at 0.6.3 (2004
Ansar Mohammed <[EMAIL PROTECTED]> wrote:
> Any reason why the port of HEIMDAL is at 0.6.3 (2004) in FreeBSD 7.0 when we
> have 1.0 available?
On 7.0-RELEASE:
% cat /usr/ports/security/heimdal/Makefile | grep PORTVERSION
PORTVERSION=1.0.1
--
Sahil Tandon <[EMAIL PROTECTED]>
___
On Mon, 2008-11-10 at 14:17 +0100, Mel wrote:
> On Monday 10 November 2008 13:53:41 Da Rock wrote:
>
>
> > Check the kerberos site for further, more accurate info, and run a
> > google search for browser kerberos auth with apache. You do need the
> > right module for apache to achieve this thoug
On Monday 10 November 2008 13:53:41 Da Rock wrote:
> Check the kerberos site for further, more accurate info, and run a
> google search for browser kerberos auth with apache. You do need the
> right module for apache to achieve this though- mod_auth_kerb. Some only
> offer a link between apache a
On Mon, 2008-11-10 at 07:18 -0500, Ansar Mohammed wrote:
> Does anyone know what is the actual purpose of the Kerberos krb5.keytab
> file?
>
>
>
> I have a freebsd 7 configured to authenticate users via Kerberos (both
> apache and ssh).
>
>
>
> Although the authentication between apache a
On Wed, Mar 07, 2007 at 02:43:15AM -0700, RJ45 wrote:
> there are many difficulties and YES there is the documentation
> on FreeBSD handbook but it does not helped me so much I Still ahve
> difficulties.
>
> I isntalled MIT krb5 also and I Am using kadmin from MIT
> to manage krb5 server.
So no
there are many difficulties and YES there is the documentation
on FreeBSD handbook but it does not helped me so much I Still ahve
difficulties.
I isntalled MIT krb5 also and I Am using kadmin from MIT
to manage krb5 server.
First problem
kadmin: ktadd -k /etc/krb5.keytab host/host.domain
On Tue, Mar 06, 2007 at 10:07:57AM -0700, RJ45 wrote:
> for example I would like to installa MIT krb5 implementation from ports
> instead of using heidmal default this because the kerberos server
> on my network is a MIT server and I can't use kadmin on FreeBSD
> to administrer the kerberos server
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> [EMAIL PROTECTED] On Behalf Of RJ45
> Sent: Tuesday, March 06, 2007 9:08 AM
> To: freebsd-questions@freebsd.org
> Subject: Kerberos authenticatino and ldap authorization
>
>
> Hello,
> I would liek to use FreeBSD as
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Vizion
> Sent: Friday, December 29, 2006 7:56 AM
> To: freebsd-questions@freebsd.org
> Subject: Kerberos/Heimdal/samba-libsmbclient
>
>
> I have a conflict regarding samba-libsmbclient-3.0.23d which
On 12/12/06, Timothy Radigan <[EMAIL PROTECTED]> wrote:
I am having trouble getting Samba 3 to compile with ADS support and I have
narrowed the problem down to Kerberos. I have been told previously to NOT
install the security/krb5 port when installing Samba 3 with ADS support,
but
I had already
On Mon, May 09, 2005 at 05:44:23PM -0700, Damian Sobieralski wrote:
> > Look into the GSSAPI options for /etc/ssh/ssh_config instead.
> > Newer OpenSSH versions support Kerberos natively and
> > don't need PAM hacks.
>
> Thanks Tillman! I was using PAM only based on someone's
> recommendation.
> Look into the GSSAPI options for /etc/ssh/ssh_config instead.
> Newer OpenSSH versions support Kerberos natively and
> don't need PAM hacks.
Thanks Tillman! I was using PAM only based on someone's
recommendation. As I've already admitted limited kerberos knowledge, I
didn't know enough to que
On Mon, May 09, 2005 at 08:53:21AM -0700, Damian Sobieralski wrote:
> > PAM does not map well to Kerberos, unfortunately. Generally speaking
> > you want to avoid PAM with Kerberos if you can possibly use native
> > Kerberos
> > :-)
>
> It seems my ignorance is kicking in here- how would they log
Anyone?
Message: 20
Date: Thu, 5 May 2005 15:26:11 -0700 (PDT)
From: Damian Sobieralski <[EMAIL PROTECTED]>
Subject: Re: Kerberos
To: freebsd-questions@freebsd.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
> PAM does not map well to Kerberos
I found another person having this problem. No replies though :(
http://groups-beta.google.com/group/lucky.freebsd.questions/browse_thread/thread/955323f07570f076/1bf8bf734758fc92?rnum=16#1bf8bf734758fc92
___
freebsd-questions@freebsd.org mailing l
> PAM does not map well to Kerberos, unfortunately. Generally speaking
> you want to avoid PAM with Kerberos if you can possibly use native
> Kerberos
> :-)
It seems my ignorance is kicking in here- how would they log into the
machine first, to issue "kinit"/native if I don't use PAM to get them
On Thu, May 05, 2005 at 10:11:30AM -0700, Damian Sobieralski wrote:
> Followup up:
>
> If AFTER I log in, I issue > kinit and type my password in. Now when I
> do a klist I get ticket information. Shouldn't the pam module do this
> aotomatically (call kinit)?
PAM does not map well to Kerberos,
Followup up:
If AFTER I log in, I issue > kinit and type my password in. Now when I
do a klist I get ticket information. Shouldn't the pam module do this
aotomatically (call kinit)?
If anyone can educate me in kerberos, I'd appreciate it.
___
f
> How did you confirm that you were authenticating via Kerberos?
ESP? :) You're right, I don't KNOW that. But if I didn't set a
password when I created the user, how else would it be authenticating?
Here's my /etc/pam.d/sshd file:
# auth
authrequiredpam_nologin.so
On Wed, May 04, 2005 at 02:33:30PM -0700, Damian Sobieralski wrote:
>
> I have a fairly weird question for the group. I recently set up a
> FreeBSD 5.3 box to use pam_krb5 for sshd authentication. It worked
> great. I created a local workstation user via adduser and when it came
> time for the
On Sun, Mar 13, 2005 at 05:30:09PM -, [EMAIL PROTECTED] wrote:
> what I was assuming would happen when I try to telnet in without a ticket
> (i.e. with running kinit) was that I would get asked for a
> username/password, and then I would get issued a ticket, rather than
> manually having to kin
On Sun, Mar 13, 2005 at 05:30:09PM -, [EMAIL PROTECTED] wrote:
> > On Sun, Mar 13, 2005 at 03:38:46PM -, [EMAIL PROTECTED]
> > wrote:
> >>I followed the handbook guide to setting it up, and it all seems to
> >> be
> >> working ok. I have now setup telnetd as described to test how it is
> On Sun, Mar 13, 2005 at 03:38:46PM -, [EMAIL PROTECTED]
> wrote:
>>I followed the handbook guide to setting it up, and it all seems to
>> be
>> working ok. I have now setup telnetd as described to test how it is
>> working. If I have done a kinit previously, it will log in no problem,
>>
On Sun, Mar 13, 2005 at 03:38:46PM -, [EMAIL PROTECTED] wrote:
>I followed the handbook guide to setting it up, and it all seems to be
> working ok. I have now setup telnetd as described to test how it is
> working. If I have done a kinit previously, it will log in no problem,
> but if I do
On Sun, Jul 27, 2003 at 05:09:14PM +0100, Lewis Thompson wrote:
> I'm trying to get sshd to authenticate users via Kerberos. I want to
> do this using a forwardable ticket (I get this by doing kinit -f). I
> have the necessary host/[EMAIL PROTECTED] and rcmd/[EMAIL PROTECTED] entries in the
> k
On Sun, Nov 24, 2002 at 05:48:22AM +0100, Peter Much wrote:
From: Peter Much <[EMAIL PROTECTED]>
Subject: Re: Kerberos is set up - now what?
To: [EMAIL PROTECTED]
Date: Sun, 24 Nov 2002 05:48:22 +0100 (CET)
Hi all,
as it seems to me, Kerberos5 is mostly unsupported in FreeBSD.
It'
Hi all,
as it seems to me, Kerberos5 is mostly unsupported in FreeBSD.
Yes, this is going to be a rant.
If you have an appropriate Kerberos support, no rsh, rlogin,
ftp, telnet or elsewhat will ever ask you for a password, if
you login to an account where you are allowed to do so via its
.klo
29 matches
Mail list logo
