>Subject: GSS Server without secret key?
>From: Oliver Schoett <[EMAIL PROTECTED]>
>Date: Thu, 06 Nov 2003 12:17:03 +0100
>Organization: "sd&m AG, Muenchen, Germany"
>To: [EMAIL PROTECTED]
>
>I have been playing with the Sun GSS/Kerberos sample code in
>
>http://java.sun.com/j2se/1.4.2/docs/guide/s
>To: sam <[EMAIL PROTECTED]>
>References: <[EMAIL PROTECTED]>
>From: Sam Hartman <[EMAIL PROTECTED]>
>Date: Mon, 01 Dec 2003 08:37:09 -0500
>cc: [EMAIL PROTECTED]
>Subject: Re: Problem with setting up Kerberos server
>
>> "sam" == sam <[EMAIL PROTECTED]> writes:
>
>sam> Dear all, I don't k
>From: Mark Hannessen <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Date: Fri, 10 Dec 2004 14:27:30 +0100
>
>I am trying to setup a kerberos v5 only cyrus imap server.
>that is: I would like all autherisation to be done by gssapi/kerberos.
...
>does anybody have a suggestion where I should look nex
r I've no idea how long it will take to track this down in
the code...
>> [EMAIL PROTECTED] root]# kadmin
>>
>> Authenticating as principal userhidden/[EMAIL PROTECTED] with password.
>>
>> kadmin: Database error! Required KADM5 principal missing w
On Thu, 3 Feb 2005, Tom Yu wrote:
> From: Tom Yu <[EMAIL PROTECTED]>
> To: Dennis Davis <[EMAIL PROTECTED]>
> Cc: Mike Dopheide <[EMAIL PROTECTED]>, kerberos@mit.edu
> Date: Thu, 03 Feb 2005 13:15:54 -0500
> Subject: Re: KADMIN error
...
> Ok, that is v
e addprinc, ktadd etc commands in kadmin.
Specify one or more of the encryption types specified in the System
Administrator's Guide. For example:
addprinc -e "rc4-hmac:normal des-cbc-md4:normal" ...
(Oh boy, I hope I've got that right. Never used it myself, always
relied
t the
--disable-thread-support argument to configure isn't being fully
obeyed and some thread support is being picked up. I haven't even
thought about how I'd look into this.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
.c.origMon Jul 18 23:12:42 2005
--- ./src/lib/gssapi/krb5/import_name.c Thu Aug 11 10:06:34 2005
***
*** 39,44
--- 39,48
#include
#endif
+ #ifdef __OpenBSD__
+ #include
+ #endif /* __OpenBSD__ */
+
/*
* errors:
* GSS_S_BAD_NAMETYPE if the type is bogus
Something
On Thu, 11 Aug 2005, Vladimir Terziev wrote:
> From: Vladimir Terziev <[EMAIL PROTECTED]>
> To: Dennis Davis <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED], kerberos@mit.edu
> Date: Thu, 11 Aug 2005 13:29:04 +0300
> Subject: Re: Unable to build 1.4.2 on FreeBSD
>
>
icating users. I wasn't responsible
for building the servers so I'm not that familiar with the code.
But I suspect that it may well be using saslauthd.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On Tue, 22 Nov 2005, Turbo Fredriksson wrote:
> From: Turbo Fredriksson <[EMAIL PROTECTED]>
> To: kerberos@mit.edu
> Date: Tue, 22 Nov 2005 17:30:54 +0100
> Subject: Re: that interop mess: ldap, samba, kerberos
>
> Quoting Dennis Davis <[EMAIL PROTECTED]>:
...
f USE_DLOPEN */
As a Quick'N'Dirty fix, can I just alter the above to:
#define USE_DLOPEN 1
after the configuration and just before the build?
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On Mon, 17 Jul 2006, Ken Raeburn wrote:
> From: Ken Raeburn <[EMAIL PROTECTED]>
> To: Dennis Davis <[EMAIL PROTECTED]>
> Cc: kerberos@mit.edu
> Date: Mon, 17 Jul 2006 09:06:32 -0400
> Subject: Re: Unable to find requested database type
>
> On Jul 17, 2006, at 05
onfiguration and *before* the main build:
#!/bin/sh
for i in \
./plugins/kdb/db2/libdb2/hash \
./plugins/kdb/db2/libdb2/db \
./plugins/kdb/db2/libdb2/mpool \
./plugins/kdb/db2/libdb2/btree \
./plugins/kdb/db2/libdb2/recno \
./plugins/kdb/db2/libdb2/clib
do
(cd $i; make OBJS.S
.
They're all using versions of gcc, perl5 of some description and the
OS-native version of make. But, as usual, I haven't a clue why two
should give this problem and one doesn't.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone:
mail-reply/
for a project which targets the Reply-To address. I also believe
the Sanesecurity anti-phishing signatures at:
http://www.sanesecurity.com/
will defend against some of these attacks.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk
the desired interface are allowed and all others are
denied.
I'd also be strongly tempted to make pre-authentication the default
on all principals if offline-password-attacks are a worry.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +4
etails are considered
sensitive.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +44 1225 386101
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
hy this is so. However we currently don't want
+preauth set on service principals. Just in case we have old "user"
principals still without +preauth. This shouldn't be the case,
We're just being cautious. So this "wrong" behaviour in older
software is fine with us.
-
version of kerberos earlier than this. Typically RedHat6 comes with
an earlier version of kerberos.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +44 1225 386101
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
of obsolete principals from our MIT
kerberos database using such perl program built against the above
perl modules. Worked a treat.
In a similar vein, we've recently introduced a simple default
kerberos policy to add password histories to our kerberos
principals. I used a perl program to r
st in theory, Microsoft's Active Directory.
Shudder, I wouldn't want to go back.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +44 1225 386101
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
response. This page:
http://serverfault.com/questions/132123/how-to-change-the-kerberos-default-ticket-lifetime
may also be useful.
--
Dennis Davis
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
supported for all Kerberos
operations, they are not supported by very old versions of our
GSSAPI implementation (krb5-1.3.1 and earlier). Services running
versions of krb5 without AES support must not be given AES keys in
the KDC database.
--
Dennis Davis
supported for all Kerberos
operations, they are not supported by very old versions of our
GSSAPI implementation (krb5-1.3.1 and earlier). Services running
versions of krb5 without AES support must not be given AES keys in
the KDC database.
--
Dennis Davis
>Date: Wed, 15 Aug 2001 11:52:17 + (GMT)
>From: Rich King <[EMAIL PROTECTED]>
>X-X-Sender: <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: building on BSD
>
>Having some problems compiling the source on an OpenBSD system.
>Has anyone had any luck with this?
Yes. I've a test K5 database
>From: Paul Johnson <[EMAIL PROTECTED]>
>Subject: Scripting kadmin
>Date: Mon, 19 Nov 2001 12:00:01 GMT
>To: [EMAIL PROTECTED]
...
>This would seem to mean calling kadmin and getting the
>administrator to authenticate. But I can't get it to work. kadmin
>seems not to be reading the admin passwo
>From: Marcio d'Avila Scheibler <[EMAIL PROTECTED]>
>To: Wyllys Ingersoll <[EMAIL PROTECTED]>, Someone <[EMAIL PROTECTED]>
>cc: [EMAIL PROTECTED]
>Subject: Re: Problems using Kerberos telnet
>Date: Thu, 21 Mar 2002 14:28:45 -0300 (GRNLNDST)
>
>I've seen in somewhere you must configure your system
>From: Josh Huber <[EMAIL PROTECTED]>
>Newsgroups: gmane.comp.encryption.kerberos.general
>Subject: host/*@REALM tickets with ssh, DNS
>Reply-To: Josh Huber <[EMAIL PROTECTED]>
>Date: Fri, 09 Aug 2002 11:38:30 -0400
...
>I have a few general questions:
>
>1) Here is the output from klist after l
29 matches
Mail list logo
