Re: Fwd: Queries for Kerb Auth using Certificates and KCD for linux Reverse Proxy

2015-09-01 Thread Alan Braggins
On 01/09/15 16:32, Russ Allbery wrote: > Amit Thukral writes: > >> I am trying to implement kerberos authentication between clients and >> windows KDC using certificates. > >> The product on which this needs to be implemented is a linux based >> reverse proxy. [...] > If I'm understanding your pro

Re: Using enterprise principal name in GSS-API

2016-10-06 Thread Alan Braggins
e.c It doesn't address any of your concerns though, and I'd welcome suggestions for a better approach. (I'm using gss_acquire_cred_impersonate_name with protocol transfer and constrained delegation.) -- Alan Braggins

Re: Using enterprise principal name in GSS-API

2016-10-07 Thread Alan Braggins
On 23/09/16 15:50, Greg Hudson wrote: > On 09/23/2016 03:52 AM, Isaac Boukris wrote: >> Maybe we need a new gss name type oid like GSS_NT_ENTERPRISE_NAME, >> though I guess it's more complicated than it sounds :) > > I think that might be reasonable for this use case. I've seen requests > to be ab

Re: Using enterprise principal name in GSS-API

2016-10-07 Thread Alan Braggins
Apparently I also have a broken mail that truncated most of that message. I'll see if I can recover it. From: Alan Braggins Sent: 06 October 2016 19:45 To: Greg Hudson; Isaac Boukris; kerberos Subject: Re: Using enterprise principal name in GSS-API

GSSAPI s4u2proxy with client keytab initiation and Heimdal KDC

2013-12-05 Thread Alan Braggins
...@example.com from IPv4:10.62.165.224 for PROXY/abraggins-00.example@example.com [canonicalize, proxiable, forwardable] 2013-12-05T12:29:58 TGS-REQ authtime: 2013-12-05T12:25:15 starttime: 2013-12-05T12:29:58 endtime: 2013-12-06T12:25:15 renew till: unset 2013-12-05T12:29:58 sending 688 byte

Re: GSSAPI s4u2proxy with client keytab initiation and Heimdal KDC

2013-12-05 Thread Alan Braggins
On 05/12/13 12:33, Alan Braggins wrote: > I want to use 1.11, because I want to use client keytab initiation. And a followup question on client keytab initiation - it appears that if I have no cached credential, then it works. But if I have a cached credential that has expired, t

Re: GSSAPI s4u2proxy with client keytab initiation and Heimdal KDC

2013-12-06 Thread Alan Braggins
On 05/12/13 17:29, Greg Hudson wrote: > On 12/05/2013 07:33 AM, Alan Braggins wrote: >> I'm trying to use Constrained Delegation in GSS-API, and seem to have >> hit the same "KDC has no support for padata type" problem described here: >> h

t_pkinit.py failing in make check for 1.12.1

2014-01-23 Thread Alan Braggins
I get a "make check" failure for ./t_pkinit.py: kinit: Password incorrect while getting initial credentials I'm running Ubuntu 12.04 Output from PYTHONPATH=../util VALGRIND="" python ./t_pkinit.py -v attached. Any suggestions? Thanks. *** [1] Executing: /space/workspace/abraggins/home/abraggi

Re: t_pkinit.py failing in make check for 1.12.1

2014-01-27 Thread Alan Braggins
On 23/01/14 20:47, Tom Yu wrote: > Alan Braggins writes: > >> I get a "make check" failure for ./t_pkinit.py: >> kinit: Password incorrect while getting initial credentials [...] > I can't seem to reproduce this on my x86_64 Ubuntu 12.04 VM. What CPU >

Use of NT-ENTERPRISE name type via GSS-API

2014-07-02 Thread Alan Braggins
I'm using Kerberos constrained delegation (s4u2proxy) for a proxy server that is authenticating clients to a Microsoft Active Domain server. I'm using GSS-API because I want to end up with a SPNEGO Authorization header, and SPNEGO is a GSS-API mechanism. The user (client) principals I have to wor

Re: Use of NT-ENTERPRISE name type via GSS-API

2014-07-04 Thread Alan Braggins
On 03/07/14 19:38, Greg Hudson wrote: > On 07/02/2014 05:36 AM, Alan Braggins wrote: >> I'm using Kerberos constrained delegation (s4u2proxy) >> for a proxy server that is authenticating clients to a >> Microsoft Active Domain server. > > Can you explain more a