I ran "krb5_newrealm" to initialise the KDC database.
This gives the following useful tips:
++
# krb5_newrealm
This script should be run on the master KDC/admin server to initialize
a Kerberos realm. It will ask you to type in a master key password.
Hi all,
I've been trying to configure Kerberos delegation on a Windows 2003 domain but
I haven't got any good result yet. I followed a Microsoft Document on [1] to
configure Kerberos in order to build a .NET 2.0 SOA solution. The following is
the Kerberos trace when I try to access page A in a
On 2/29/08, Lima Valdes Emil <[EMAIL PROTECTED]> wrote:
> Kerberos trace:
> 500.652> Kerb-Warn: KerbGetTgsTicket failed to unpack KDC reply: 0x3c
> HTTP a_service.smnyl.com.mx
Hi Emil,
All of your diagnostics are very Windows specific which isn't going to
translate well here. You might try t
There might be one exception. If I remember right to login onto
OpenSolaris/Solaris 10 with a non kerberised client (e.g. console) using
pam_krb5 requires a root principal to login as root or at least have a dummy
root principal key in the keytab to pass to the next pam module.
Markus
"Richard
Earlier I asked a few questions about OpenLDAP authenticating via
Kerberos. I'm going to back up a bit and ask a more general question to
ensure I have an adequate understanding to go further into the details
of a solution.
On a Kerberos list I was asking for a little bit of help, and the answ
Wes Modes <[EMAIL PROTECTED]> writes:
> In general, I am trying to authenticate a login and password received
> via an OpenLDAP client (in this case SMB via the smbldap-tools) with the
> logins and passwords held in a Kerberos server elsewhere. Is this a
> legitimate use of these services?
Well,
>> But on an OpenLDAP list I got:
>>
>> There is an ugly hack: having a userPassword field with
>> "{SASL}" in LDAP you can employ saslauthd's
>> Kerberos backend. We use it as a crutch for a web application which
>> can only authenticate against an LDAP directory
>>
>
> And w
Wes Modes <[EMAIL PROTECTED]> writes:
> Where does one get more info on this ugly hack?
>
> What you described is precisely what I was hoping for. However, I hoped
> it would be commonplace and elegant. But ugly hacks have their place.
Good question. It's remarkably absent from the OpenLDAP m
I initially sent this to krbdev, but in retrospect it probably more
rightly belongs here.
Hello,
I am attempting to set up pkinit authentication with the kerberos 1.6.3
code, and having trouble figuring out what is needed to get the kinit
client to u
Hmmm The cascading credentials code sounds interesting, but raises
the practical question of how does one deal with derived credentials.
For example some sites configure the pam_session code to use delegated
krb5 credentials to acquire additional c
Matthew Andrews <[EMAIL PROTECTED]> writes:
> Hmmm The cascading credentials code sounds interesting, but raises
> the practical question of how does one deal with derived credentials.
> For example some sites configure the pam_session code to use delegated
> krb5 credentials to acquire additi
On Fri, Feb 29, 2008 at 5:56 PM, Matthew Andrews <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I initially sent this to krbdev, but in retrospect it probably more
> rightly belongs here.
>
>
> Hello,
>
> I am attempting to set up pkinit authentication with th
Victor Sudakov wrote:
> What could be the reason that I cannot telnet from FreeBSD to Solaris 10
> with the following error:
> Connected to oracle.sibptus.tomsk.ru.
> Escape character is '^]'.
> [ Trying mutual KERBEROS5 (host/[EMAIL PROTECTED])... ]
> [ Kerberos V5 refuses authentication because
| Matt,
| The obvious question is whether your KDC is properly configured for
| pkinit? Also, is the client configured to require preauthentication?
| If so, the KDC should offer the pkinit preauth method to the client in
| a preauth-required message