Kerberos setup steps

2008-02-19 Thread Ramesh Rao
Hi, I have AD (Active Directory) Server installed on a Win2003 server. I have another Win2003 server as a client. What are the steps I have to follow to enable Kerberos services, and on which boxes do I need to configure them? I want to authenticate the user using JNDI and Kerberos. Can you please help me rega

Kerberized Apache

2008-02-19 Thread Ido Levy
Hello All, I am looking for a way to enable users to get access to their space through the web browser. I would like to integrate it with our Kerberized SSO environment as well. I tried this module http://modauthkerb.sourceforge.net/ but I have encountered some issues: 1) I didn't succeed in confi

kadmin.local segfault

2008-02-19 Thread Steven Miller
has anyone been able to figure this out? thanks! Steven Very weird, when running kadmin.local under valgrind, it does NOT segfault. I am including the valgrind output. --- [EMAIL PROTECTED] ~]# valgrind kadmin.local ==9674== Memcheck, a memory

Re: AD using an external Kerberos realm

2008-02-19 Thread Ken Hornstein
>We received a lot of good information from the Windows Higher Ed list, but >I thought it might be valuable to get feedback from the folks who support >external KDCs as well. Are there any major gotchas that those of us >who support Kerberos or the Windows community at large should be aware >of?

Re: Kerberized Apache

2008-02-19 Thread Kevin S. Sumner
Hi Ido, The modauthkerb website says you need an extension for "Mozilla" (I'm assuming the Mozilla Suite and Firefox) to do ticket-passing authentication*. We have it set up for doing username and password authentication right now and it works quite well. The configuration for a .htaccess is

Re: Why krb5kdc and kadmind sets up ports for listening differently ?

2008-02-19 Thread Ken Raeburn
On Feb 19, 2008, at 02:17, Sachin Punadikar wrote: > While doing code walkthrough of krb5kdc and kadmind programs, > I noticed a difference between these two in the way it sets up the > ports for listening. > krb5kdc uses ioctl calls to get the interfaces list and then on each > interface/ip-addres

Re: IIS refuse un-preauth-ed tickets?

2008-02-19 Thread John Washington
There is a requirement that preauth'ed service accounts (which IIS would have) only accept preauthed tickets. * Speedo <[EMAIL PROTECTED]> [2008-02-19 10:32]: > Sorry to post into 2 groups. > > I have a Java application using Kerberos to talk to IIS on a Windows > domain. First I call java's ki

Re: Debugging Script using get_in_tkt_with_password

2008-02-19 Thread trimkins
On Feb 19, 10:47 am, [EMAIL PROTECTED] wrote: > Hello all, > > I have a specific question coming from my activities in a prior thread > (Trouble Getting Ticket into Cache). The thread got confusing when > others attached to it with different questions. I thought a new post > was in order. > > My

IIS refuse un-preauth-ed tickets?

2008-02-19 Thread Speedo
Sorry to post into 2 groups. I have a Java application using Kerberos to talk to IIS on a Windows domain. First I call java's kinit and then use the acquired initial TGT to connect to IIS with JGSS. When the initial ticket is pre-authed, I can get the web content. However, if I set the user accou

Re: Kerberized Apache

2008-02-19 Thread Sebastian Hanigk
Ido Levy <[EMAIL PROTECTED]> writes: > I am looking for a way to enable users to get access to their space through > the web browser. > I would like to integrate it with our Kerberized SSO environment as well. > I tried this module http://modauthkerb.sourceforge.net/ but I have > encounter some is

Re: kadmin.local segfault

2008-02-19 Thread Steven Miller
With all of the testing I've been doing, the scenario you describe has happened. I've been testing on multiple machines, so I'm not sure if it's happened on all of the ones that are failing. Steven --- Kenneth Grady <[EMAIL PROTECTED]> wrote: > Have you reloaded an account from a dump? and was >

Debugging Script using get_in_tkt_with_password

2008-02-19 Thread trimkins
Hello all, I have a specific question coming from my activities in a prior thread (Trouble Getting Ticket into Cache). The thread got confusing when others attached to it with different questions. I thought a new post was in order. My C script is using get_in_tkt_with_password() to cache a pass

RE: support SSO in Windows with Kerberos TGT

2008-02-19 Thread sylvain cortes
Hi, no. The Centrify client makes the unix/linux/mac computers AD aware, and kerberos aware. The central kdc is the Active Directory KDC, and the unix/linux/mac are exactly like Windows AD clients. So, for example, a windows computer which uses PuTTY can present a kerberos ticket to a Unix machine

Re: Ubuntu and ldap backend

2008-02-19 Thread hiroshi
Javier Palacios wrote: > If you experience problems with MIT, try with heimdal. Configuration only > departs from non-ldap backend in the fact that you must supply an ldap > dbname in the database section. OK, I'll try. Thanks for the answers -- questo articolo e` stato inviato via web d

Re: support SSO in Windows with Kerberos TGT

2008-02-19 Thread Christopher D. Clausen
sylvain cortes <[EMAIL PROTECTED]> wrote: > So, for example, a windows computer which use Putty can present a > kerberos ticket to a Unix machine with the Centrofy client, without > any re-authentication. And Unix to Windows, or Unix to Unix works > also in the same way. You can do that without pa

Re: Ubuntu and ldap backend

2008-02-19 Thread Russ Allbery
[EMAIL PROTECTED] (hiroshi) writes: > Javier Palacios wrote: >> If you experience problems with MIT, try with heimdal. Configuration >> only departs from non-ldap backend in the fact that you must supply an >> ldap dbname in the database section. > OK, I'll try. Thanks for the answers Build

Help with SASL/GSSAPI to remote Kerberos server

2008-02-19 Thread Wes Modes
I am using SASL/GSSAPI to authenticate to Kerberos from OpenLDAP. I haven't gotten that to work yet. Almost all of the docs I found presume that I am setting up the KDC on the same server as OpenLDAP. In my case, the KDC is administered by another group who is willing to grant me access to Kerb

Re: Help with SASL/GSSAPI to remote Kerberos server

2008-02-19 Thread Douglas E. Engert
Wes Modes wrote: > I am using SASL/GSSAPI to authenticate to Kerberos from OpenLDAP. I > haven't gotten that to work yet. > Are you saying you want to use SASL/GSSAPI/Kerberos between a ldap client and an ldapserver? > Almost all of the docs I found presume that I am setting up the KDC on >

RE: support SSO in Windows with Kerberos TGT

2008-02-19 Thread sylvain cortes
hi - you always can do everything...it's a question about time ;-) I did the "classic" way before using centrify, and it was "hell" to maintain: manage the keytab, manage the "ad account", manage the NTP client to have the right ticket session, etc... Sylvain CORTES [EMAIL PROTECTED] > From: [

Help with SASL/GSSAPI to remote Kerberos server

2008-02-19 Thread Wes Modes
I am using SASL/GSSAPI to authenticate to Kerberos from OpenLDAP. I haven't gotten that to work yet. Almost all of the docs I found presume that I am setting up the KDC on the same server as OpenLDAP. In my case, the KDC is administered by another group who is willing to grant me access to Kerb

Re: Help with SASL/GSSAPI to remote Kerberos server

2008-02-19 Thread Wes Modes
To clarify. To separate and modularize some of these services, we have three servers: A file server running Samba; A directory server running OpenLDAP to provide personal and group identities; and an authentication server running Kerberos (administered by another group). Samba connects to Open

Re: Help with SASL/GSSAPI to remote Kerberos server

2008-02-19 Thread Jeffrey Altman
Wes Modes wrote: To clarify. To separate and modularize some of these services, we have three servers: A file server running Samba; A directory server running OpenLDAP to provide personal and group identities; and an authentication server running Kerberos (administered by another group). Sam

Re: Help with SASL/GSSAPI to remote Kerberos server

2008-02-19 Thread Wes Modes
Jeffrey Altman wrote: > Wes Modes wrote: >> To clarify. >> To separate and modularize some of these services, we have three >> servers: A file server running Samba; A directory server running >> OpenLDAP to provide personal and group identities; and an authentication >> server running Kerberos (a

Re: Help with SASL/GSSAPI to remote Kerberos server

2008-02-19 Thread Jeffrey Altman
Let me rephrase what you are attempting to do. You want to authenticate the LDAP query from the Samba client to the OpenLDAP server by sending a username and password from Samba to OpenLDAP over a TLS protected connection using SASL. Instead of the LDAP server storing the password and using t

Re: Help with SASL/GSSAPI to remote Kerberos server

2008-02-19 Thread Wes Modes
That is very close, though I'll make one minor correction. From Samba to OpenLDAP via TLS uses smbldap-tools and doesn't need SASL. SASL with the GSSAPI mechanism will be what is used when the LDAP server asks the Kerberos KDC if the password is valid. Jeffrey Altman wrote: > Let me rephrase w

Re: Help with SASL/GSSAPI to remote Kerberos server

2008-02-19 Thread Jeffrey Altman
A KDC does not speak GSSAPI nor SASL. A KDC issues tickets. You use SASL-GSSAPI-KRB5 when you want to establish an authenticated connection to an application service for which a service principal exists within the KDC database. The KDC is not an application service. Wes Modes wrote: That i

Re: Kerberized Apache

2008-02-19 Thread Richard E. Silverman
> > Hello All, > > I am looking for a way to enable users to get access to their space through > the web browser. > I would like to integrate it with our Kerberized SSO environment as well. > I tried this module http://modauthkerb.sourceforge.net/ but I have > encounter some issues: > > 1) I did

Re: AD using an external Kerberos realm

2008-02-19 Thread Richard E. Silverman
> "JE" == Jay Elvove <[EMAIL PROTECTED]> writes: JE> Last month, a colleague of mine sent a message to the Windows JE> Higher Ed list asking about possible problems authenticating JE> certain Microsoft applications to an external KDC. We're getting JE> ready to roll out our ve

Sun/MIT <-> Heimdal version compatibility issue?

2008-02-19 Thread Brian Thompson
Ok, this one has me a bit stumped... We have a functioning production kerberos environment that I'm trying to add a Solaris 11 (beta 79) client to. The kdc in my immediate realm where the host principals are located is a Solaris 9 host, and we have several working Solaris 10 client machines with