Re: Issue with kvno

2015-06-01 Thread Benjamin Kaduk
On Fri, 29 May 2015, vishal wrote: > My question is that why kvno is not always present in ticket and this > ticket is basically which comes in TGS-RESP(from home domain) and sname is > krbtgt for trusted domain in TGS-REQ. > > I see kvno only when new trust is created between domain and we join t

Re: Issue with kvno

2015-06-01 Thread Nico Williams
On Fri, May 29, 2015 at 04:51:37PM +, Brandon Allbery wrote: > On Fri, 2015-05-29 at 11:45 -0400, Benjamin Kaduk wrote: > > I don't have a definite answer for you, but: > > > > 1.7 is very old. > > > > 4294967295 is 0x is -1 as a 32-bit twos-complement integer > > For what it's worth

A client name with an '@'

2015-06-01 Thread Nordgren, Bryce L -FS
Hi, I'm trying to set up the MIT Kerberos server (1.12.2 / Fedora 21) to PKINIT from my organization's smart cards. They have a MS user principal name of the form: 12001000550...@fedidcard.gov I tried creating a realm "FEDIDCARD.GOV" with a user principal 12001000550281. This resulted in a cli

krb5-1.12.4 is released

2015-06-01 Thread Tom Yu
The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.12.4. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes. RETRIEVING K

Re: Issue with kvno

2015-06-01 Thread Nico Williams
On Mon, Jun 01, 2015 at 02:11:32PM -0400, Benjamin Kaduk wrote: > On Fri, 29 May 2015, vishal wrote: > > My question is that why kvno is not always present in ticket and this > > ticket is basically which comes in TGS-RESP(from home domain) and sname is > > krbtgt for trusted domain in TGS-REQ. >

Re: A client name with an '@'

2015-06-01 Thread Nico Williams
On Mon, Jun 01, 2015 at 10:04:46PM +, Nordgren, Bryce L -FS wrote: > I then tried creating a "12001000550...@fedidcard.gov" principal in my > realm. Unfortunately, I cannot kinit using the principal > "12001000550...@fedidcard.gov@FEDIDCARD.GOV". kinit gives a "Malformed > representation of pri

next Kerberos ops/admin teleconference June 2nd

2015-06-01 Thread Tom Yu
Kerberos operators and administrators are invited to a public monthly operations-focused teleconference. These take place the first Tuesday of each month at 13:00 (1:00pm) US Eastern Time. The next one will be on June 2nd. This is an opportunity for operators or administrators of Kerberos deploy

RE: A client name with an '@'

2015-06-01 Thread Nordgren, Bryce L -FS
> $ kinit '12001000550281\@fedidcard@fedidcard.gov' Thanks! Making progress! It now prints a single backslash when describing the principal, both in errors emitted from kinit and the "listprincs" command in kadmin.local. However, I'm back to "client name mismatch" out of kinit, presumably b

Re: A client name with an '@'

2015-06-01 Thread Todd Grayson
Bryce, it's either 12001000550...@fedidcard.gov or it's 12001000550...@fedidcard.gov. As far as your shell escaping with a \, in a command line you will not escape the @; if you are scripting it, you might. To the left of the @ is the principal name, traditionally lowercase. To the right is the R