Re: GSSAPI x Kerberos

2003-07-15 Thread Douglas E. Engert
to de Santana - São Paulo - SP > Telefones: (11) 6978-5253 / (11) 6978-5262 > Fax: (11) 6971-3115 > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert

Re: KRB 1.3 on AIX

2003-07-15 Thread Douglas E. Engert
PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Windows 2000 Server as KDC

2003-07-16 Thread Douglas E. Engert
ED] > > https://mailman.mit.edu/mailman/listinfo/kerberos > > > > > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTE

Re: unresolved external symbol __imp__GSS_C_NT_HOSTBASED_SERVICE forkerberos 1.3 windows version

2003-07-16 Thread Douglas E. Engert
Kent > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (6

Re: SSPI Kerberos Window NT 4.0

2003-07-30 Thread Douglas E. Engert
> Dante M Burruss > Department of State > 703-875-4077 > Unclassified > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED

Re: Can credentials from different realms be put in the same /tmp/krb5cc_ file?

2003-07-31 Thread Douglas E. Engert
ECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Interoperability with windows 2003 KDC and MIT kerberos V

2003-08-14 Thread Douglas E. Engert
to what strig-to-key is being used. > > please tell me how to do. > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argo

Re: Cross realm authentication

2003-08-18 Thread Douglas E. Engert
Phone: 970-491-0630 > Engineering Network ServicesFax: 970-491-5569 > College of Engineering, CSU > Ft. Collins, CO 80523-1301 > > All I want is a chance to prove 'Money can't buy happiness'" > > > Ker

Re: MIT & SEAM Kerberos compatibility

2003-08-25 Thread Douglas E. Engert
ADME.GSSKLOG ftp://achilles.ctd.anl.gov/pub/DEE/gssklog-0.8.tar > > TIA for your answers. > > Regards, > > Jerome Walter > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/lis

Re: Why sometimes we got credential /tmp/krb5cc__xxxx?

2003-09-05 Thread Douglas E. Engert
hanks. Its a feature not a problem. > > Grace > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Labo

Re: kerberos ftpd bug? can't get it to work (New, sort of)

2003-10-06 Thread Douglas E. Engert
t/[EMAIL PROTECTED] > > ...Now someone (Ken Hornstein) suggested that I turn on logging for > ftpd to log to the syslog. This was supposed to give me more > information about the error. I now have ftpd logging to syslog but no > new info; the same error is showing up in the syslog now. > __

Re: kerberos ftpd bug? can't get it to work (New, sort of)

2003-10-07 Thread Douglas E. Engert
real ream name, one can not determine if your problem is caused by your changing the names or something else. > > thanks again all... > > [EMAIL PROTECTED] ("Douglas E. Engert") wrote in message news:<[EMAIL PROTECTED]>... > > One other thing to watch is the

Re: service name restrictions in AD? problem with kca_service

2003-10-13 Thread Douglas E. Engert
name. This did not work > when I recently tried on a 2003 Server. > > Dirk. > > -- > Dr. Dirk Pape (Leiter des Rechnerbetriebs) > FB Mathematik und Informatik der FU-Berlin > Takustr. 9, 14195 Berlin > Tel. +49 (30) 838 75143, Fax. +49 (30) 838 75190 > _________

Re: GSS Server without secret key?

2003-11-07 Thread Douglas E. Engert
s necessary to > prove so, but not enough. About the server requirement for a key, my > suggestion is for reading some documentation on how kerberos works, > i.e., do the home work. > > best regards. > ____________ > Kerberos mailing

Re: Thanks: GSS Server without secret key?

2003-11-07 Thread Douglas E. Engert
___ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___

Re: Kerberos and gssapi

2003-11-10 Thread Douglas E. Engert
> Do you Yahoo!? > Protect your identity with Yahoo! Mail AddressGuard > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PR

Re: Banners in Kerberized services

2003-12-10 Thread Douglas E. Engert
gt; > I am quite new to Kerberos and truly appreciate any help you might be > able to give > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EM

Re: Error while rrunning GSSAPI samples using SEAM (No principal inkeytab matches desired name )

2003-12-12 Thread Douglas E. Engert
t; Regards > Vikas > ____________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne

Re: Error while rrunning GSSAPI samples using SEAM (No principal inkeytab matches desired name )

2003-12-15 Thread Douglas E. Engert
QDMS.CO.IN= { > kdc = beetle.qdms.co.in:88 > admin_server = beetle.qdms.co.in > default_realm = QDMS.CO.IN > } > [capaths] > QUARK.CO.IN = { > QDMS.CO.IN = . > } > QDMS.CO.IN = { >

Re: kinit in cross domain and cross realm

2003-12-15 Thread Douglas E. Engert
SDK) samples > successfully using SEAM KDC and ADSI kdc. Also I am able to ru the > GSSAPI samples with SEAM successfully. > > Regards > Vikas > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Proxiable tickets

2003-12-17 Thread Douglas E. Engert
_______ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Why NOMSPAC is a valuable temporary inclusion in kerberos

2003-12-24 Thread Douglas E. Engert
> Without -m it doesn't get as far as trying to contact kca. > > Bob > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue

Re: kerbers + secure crt + xp

2004-01-05 Thread Douglas E. Engert
[EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list

Windows 2003 and kvno in tickets

2004-01-14 Thread Douglas E. Engert
. We have not found the AD command to look at what kvno is in the AD. Anyone know the command? -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerbe

Re: Windows 2003 and kvno in tickets

2004-01-15 Thread Douglas E. Engert
that is from the client side. Jeffrey Hutzelman wrote: > > On Wednesday, January 14, 2004 16:22:09 -0600 "Douglas E. Engert" > <[EMAIL PROTECTED]> wrote: > > > > > We recently upgraded one of our Windows AD servers to 2003. We have a > > number of ser

Re: krb5.conf and cross-realm authentication

2004-01-15 Thread Douglas E. Engert
ould need the capaths. > > [capaths] > NOT.WIN.AD = { > WIN.AD = . > } > WIN.AD = { > WIN.AD = . > } > > thanks, > ...Mike > > > Kerberos mailing list [EMAIL PROTECTED] > ht

OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos

2004-01-26 Thread Douglas E. Engert
d encourage the builders of OpenSSH to always have this enabled. -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [E

Re: [OpenAFS-devel] OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos

2004-01-26 Thread Douglas E. Engert
Jeffrey Altman wrote: > > Douglas E. Engert wrote: > > >In its simplest form, all that is needed is: > > > > system("/usr/ssh/libexec/aklog -setpag") > > > > > You would probably want this to be a configurable option in the sshd > configu

Re: [OpenAFS-devel] OpenSSH, OpenAFS, Heimdal Kerberos and MITKerberos

2004-01-26 Thread Douglas E. Engert
light of day before this release. > > - Ben > > On Mon, 26 Jan 2004, Douglas E. Engert wrote: > > > > > > > Jeffrey Altman wrote: > > > > > > Douglas E. Engert wrote: > > > > > > >In its simplest form, all that is

Re: [OpenAFS-devel] OpenSSH, OpenAFS, Heimdal Kerberos and MITKerberos

2004-01-26 Thread Douglas E. Engert
the password only one time, and then navigate with ssh between enabled > machines without password - all this while preserving K5 creds and > automatically obtaining AFS tokens. > > Andrei. > > On Mon, 26 Jan 2004, Douglas E. Engert wrote: > > > Rather then implementing

Re: OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos

2004-01-26 Thread Douglas E. Engert
Kerberos has tried to tie > in to them rather than import the PAG concept. Any authenticated file system will have the same problem, be it AFS, DFS, NFSv4... These was some discussion of PAGs on one of the Linux mailing lists. The question came of what are the credentials for accessing the local

Re: [OpenAFS-devel] OpenSSH, OpenAFS, Heimdal Kerberos and MITKerberos

2004-01-26 Thread Douglas E. Engert
Does your ssh_config file have: GSSAPIDelegateCredentials yes or you need to specify on the command line. -o Andrei Maslennikov wrote: > > Hi Douglas, and thanks for your comment. > > On Mon, 26 Jan 2004, Douglas E. Engert wrote: > > > > > 1) ssh to host A,

Re: Kerberos vs. LDAP for authentication -- any opinions?

2004-01-29 Thread Douglas E. Engert
ros or LDAP for authentication in a large heterogeneous > environment? > > Any info is, of course, greatly appreciated. > > - C > > -- > Email: [EMAIL PROTECTED] > > Kerberos mailing list [EMAIL PROTECTED] > https://m

Re: service principals in AD fro unix kerberos clients

2004-01-30 Thread Douglas E. Engert
formatik der FU-Berlin > Takustr. 9, 14195 Berlin > Tel. +49 (30) 838 75143, Fax. +49 (30) 838 75190 > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PR

Re: Kerberos vs. LDAP for authentication -- any opinions?

2004-01-30 Thread Douglas E. Engert
"Dr. Greg Wettstein" wrote: > > On Jan 29, 8:45am, "Douglas E. Engert" wrote: > } Subject: Re: Kerberos vs. LDAP for authentication -- any opinions? > > > Many of the Browser issues can be addressed by Kx509 from the > > Univrsity of Michigan.

Re: OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos

2004-01-30 Thread Douglas E. Engert
_PATH_AFS_EXTERNAL_PROGRAM=\"$(AFS_EXTERNAL_PROGRAM)\" \ -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \ -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \ -D_PATH_SSH_PIDDIR=\"$(piddir)\" \ "Douglas E. Engert" wrote: > > Rather

Re: Kerberos vs. LDAP for authentication -- any opinions?

2004-02-02 Thread Douglas E. Engert
snow. > > I hope the following attributions are correct. Additional comments > below. > > > > On Jan 29, 8:45am, "Douglas E. Engert" wrote: > > > } Subject: Re: Kerberos vs. LDAP for authentication -- any opinions? > > > > > >> Many o

Re: Credentials for an arbitrary user.

2004-02-03 Thread Douglas E. Engert
___ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _

Re: Credentials for an arbitrary user.

2004-02-03 Thread Douglas E. Engert
uld be a way to do this. (I have one that works with krb5-1.3.2, and follows the GGF draft.) > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL

Re: [domain_realm] question

2004-02-05 Thread Douglas E. Engert
e thought needs to be given to > scalability issues Kerberos faces in large heterogenous environments. I use cross realm every day. You must be missing something. > > Kerberos mailing list [EMAIL PROTECTED] > https://mai

Re: Authentication In Redhat

2004-02-12 Thread Douglas E. Engert
> James Walthall Jr > IBM - Host Integration Server Test IDD and BETA > Outside: (919) 254-8869 > Tieline: 444-8869 > Research Triangle Park > Raleigh, North Carolina > ____ > Kerberos mailing list [EMAIL PROTECTED] >

Re: Windows AD and MIT KDC Cross-Realm Trust

2004-02-13 Thread Douglas E. Engert
any ideas (or if this is off topic, can someone tell me a > newsgroup where I an find this out at?) > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <

Re: Windows AD and MIT KDC Cross-Realm Trust

2004-02-16 Thread Douglas E. Engert
? What does ksetup on the workstion show? > ________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9

Re: Fwd: Re: Kerberos error authenticating from Unix to Windows AD

2004-02-19 Thread Douglas E. Engert
wrong? > > > > thank you, > > > > Tyson Oswald > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argon

Re: Fwd: Re: Kerberos error authenticating from Unix to Windows AD

2004-02-19 Thread Douglas E. Engert
list -f -e Then try kinit -S t/[EMAIL PROTECTED] which will ask for your user and password, then try and get a service ticket for the host. Also look at the /etc/krb5.conf file. (I think SEAM uses the same locaiton.) > > thanks, > > Tyson Oswald > > "Douglas E.

Re: Generating KRB5 keytab Ticket

2004-02-23 Thread Douglas E. Engert
; Aborted. > > If someone is help me out here as to why I am getting these error messages I > would appreciate it. > > Thanks, > > Puneet > > > -- > Puneet Talwar > Unix Administrator > > __

Re: compiling error

2004-02-25 Thread Douglas E. Engert
x27;0x2' > Stop. > NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual > Studio\VC98\Bin\NMAKE.EXE"' : return code '0x2' > Stop. > NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual > Studio\VC98\Bin\NMAKE.EXE"' : return code '0x2' > Stop. > > - > > i looked at the source code, but i'm not very familiar with c! thx > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Need help with compiling gss-api into patched openssh

2004-02-25 Thread Douglas E. Engert
ke care of that? > > Thanks for any help. > > Scott > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne Nat

Re: Need help with compiling gss-api into patched openssh

2004-02-25 Thread Douglas E. Engert
Scott Ehrlich wrote: > > On Wed, 25 Feb 2004, Douglas E. Engert wrote: > > > Date: Wed, 25 Feb 2004 09:56:53 -0600 > > From: Douglas E. Engert <[EMAIL PROTECTED]> > > To: Scott Ehrlich <[EMAIL PROTECTED]> > > Cc: [EMAIL PROTECTED] > > Subject

Re: Need help with compiling gss-api into patched openssh

2004-02-25 Thread Douglas E. Engert
Sam Hartman wrote: > > >>>>> "Douglas" == Douglas E Engert <[EMAIL PROTECTED]> writes: > > Douglas> OpenSSH-3.8 released yesterday contains the gssapi > Douglas> patch. It also contains changes to use the krb5-config, > Douglas

Re: Need help with compiling gss-api into patched openssh

2004-02-25 Thread Douglas E. Engert
Sam Hartman wrote: > > >>>>> "Douglas" == Douglas E Engert <[EMAIL PROTECTED]> writes: > > Douglas> That may be true. But just getting the OpenSSH people to > Douglas> add the the gssapi authenticaiton to OpenSSH-3.8 was a > Do

Re: Krb5-1.3.2 and HPUX 11i

2004-03-03 Thread Douglas E. Engert
warning 527: Integral value > implicitly converted to pointer in assignment. > cc: "../../../include/foreachaddr.c", line 555: warning 563: Argument #3 is > not the correct type. > cc: "../../../include/foreachaddr.c", line 550: error 1563: Expression in if > mu

Re: Krb5-1.3.2 and HPUX 11i

2004-03-04 Thread Douglas E. Engert
Do you have IPv6 on any HP_UX11i? If so you might be able to test a real fix for this problem. Peter Losher wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Wednesday 03 March 2004 03:58 pm, Douglas E. Engert wrote: > > I saw this last week and sent in a

Re: Krb5-1.3.2 and HPUX 11i

2004-03-05 Thread Douglas E. Engert
Peter Losher wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Wednesday 03 March 2004 03:58 pm, Douglas E. Engert wrote: > > I saw this last week and sent in a patch to at least get it to run > > on 11i. > > Thanks, got further along, worked a

Re: Different Services, Different Realms, but One Host

2004-03-11 Thread Douglas E. Engert
the keys for the others in > > ms419> another. Any problems with these premises? > > > > Yes. Current Kerberos implementations assume a host belongs to one > > realm. You'll find it difficult to actually do this. > > > > Also, users will end up having mu

Re: kpasswd for DCE KDC

2004-03-12 Thread Douglas E. Engert
it commands to reset the user's password. If you are intetrested I can send them. > > Thanks for advance. > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -

Re: MIT KDC for windows

2004-03-19 Thread Douglas E. Engert
ssing the mark here, what should I do to make it work? > You can override the default location by setting the KRB5_CONFIG in the environment to point at the krb5.conf. > -- > Thanks, > Ish-Lev Avshalom > > ____________ > Kerbero

Re: Authentication to AD from different domains

2004-03-24 Thread Douglas E. Engert
to believe that we are the only shop which is configured in this > manner. > > If anyone has any insight on how to solve this problem/error and would be willing to > share their resolution we would appreciate hearing from you. > > Thank you, > -Butch > > > ___

Re: Problem with auth via keytab w/ w2k3 KDC, works fine with w2k DC

2004-04-07 Thread Douglas E. Engert
Missouri - Rolla Phone: (573) 341-6679 > UMR Information Technology Fax: (573) 341-4216 > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E.

Re: Cross-realm issue - what am I missing?

2004-04-14 Thread Douglas E. Engert
t; Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos

Re: key extraction for AFS kaserver

2004-04-15 Thread Douglas E. Engert
technic Institute > phone: 518 276-6415 fax: 518 276-2809 > > http://www.rpi.edu/~bacchi/ > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <

Re: kinit programming

2004-04-19 Thread Douglas E. Engert
this be done using gss-api > > calls or kerberos calls? > > > > any insights are much appreciated. thanks! > > have a nice weekend guys! > > > > melissa > ____________ > Kerberos mailing list [EMAIL PROTECTED] > https

Re:

2004-04-19 Thread Douglas E. Engert
_ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _

Re: kinit sending clear text password

2004-04-21 Thread Douglas E. Engert
comment, the Sun pam_krb5 when passed the debug option writes the password to syslog! This is not a good praticis even when testing. > > -- > Will Fiveash > Sun Microsystems Inc. > Austin, TX, USA (TZ=CST6CDT) > ____________ > Kerberos

Re: SEAM krb API

2004-04-21 Thread Douglas E. Engert
ill support delegated credentials and authorization > facilities that are on par with kerberized in.telnetd/in.rlogind. > > I'm not sure which Solaris 10 beta or Solaris Express release this will > show up in, but do look for it soon. > > I'll update this list as soon as

Re: OpenSSH, GSSAPI and delegating credentials

2004-05-11 Thread Douglas E. Engert
0: new [client-session] > | debug1: Entering interactive session. > ` > > Any ideas why this is not working? > > -Eric > -- > "Excuse me --- Di Du Du Dh Di Dii --- Huh Weeeh" (Albert King

Re: authenticating to AD from linux login

2004-05-05 Thread Douglas E. Engert
ould I add pam_ldap? I modified the nsswitch.conf. what else does it > > want from m? hehehe :D > > > > well, any insight is much appreciated. thanks! > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit

Re: Cross-realm authentication?

2004-05-19 Thread Douglas E. Engert
Encoding: 7bit > Description: This is a digitally signed message part > > > --- > > Kerberos mailing list

Re: kinit des and Win2k

2004-05-24 Thread Douglas E. Engert
1.3.x for better interoperability with Windows. > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700

Re: Kerberos configuration with external DNS server.

2004-05-27 Thread Douglas E. Engert
__ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 __

Re: RBAC and Kerberos?

2004-06-02 Thread Douglas E. Engert
; Thanks > > Bart > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass

Re: step by step guide for Windows 2003 Server and MIT Kerberos trust?

2004-06-09 Thread Douglas E. Engert
type. They both have the same key, and kvno but different enctypes. (Microsoft should have had two flags.) > > thanks > > Dominik > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/ma

Re: step by step guide for Windows 2003 Server and MIT Kerberos trust?

2004-06-10 Thread Douglas E. Engert
Jeffrey Altman wrote: > Douglas E. Engert wrote: > > > > "D. Schikora" wrote: > > > >>Hallo > >> > >>Is there anywhere one guide for Kerberos and Windows 2003 Server. I can only > >>find the old one for W2K and I hope there ar

Re: step by step guide for Windows 2003 Server and MIT Kerberostrust?

2004-06-10 Thread Douglas E. Engert
Jeffrey Altman wrote: > Douglas E. Engert wrote: > > The AD should know what types are acceptable to the SERVER and select one > > of these which is in the list provided by the client, or ignore the client or fail. > > This is correct. > > > I have seen cases wh

Re: generating keytab problem

2004-06-10 Thread Douglas E. Engert
[EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos

Re: SSO: Is a credential needed on the server ?

2004-06-11 Thread Douglas E. Engert
rypted in the key of the server that is in the keytab file. The server must decrypt parts of the ticket to verify thet user, and to get the session key to be used later. > > > Thanks, > Claude > > > Kerberos mailing list [E

Re: Solaris9 server as client

2004-06-20 Thread Douglas E. Engert
> Computer Systems Mgr/WebCT Admin > Texas A&M University at Galveston > 200 Seawolf Parkway > Galveston, Texas 77553 > (409) 740-4961 > Fax (409) 740-4450 > > ____ > Kerberos mailing list [EMAIL PROTECTED] > https

Re: Solaris9 server as client

2004-06-21 Thread Douglas E. Engert
t my problem, I was responding to the e-mail of others. The problem was with kinit not finding the KDC which should have nothing to do with PAM. > > Hth, > > Pierre Goyette > Hummingbird Ltd. > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL P

Re: Windows AD and MIT KDC Cross-Realm Trust

2004-07-22 Thread Douglas E. Engert
service ticket from that realm. > > It would be great if anyone can give me a hint what to do next. > > Thanks Schikora > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Kerberos Configuration

2004-07-23 Thread Douglas E. Engert
please give me a step-by-step guidelines on setting up my > Server and Client boxes? > > Thanks > Gururaj, > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E

Re: AW: Windows AD and MIT KDC Cross-Realm Trust

2004-07-23 Thread Douglas E. Engert
service in his Kerberos database. Question is why not and how he chooses > which service is in which realm. DNS Lookup? I believe the AD uses the Forest's Global catalog, or some other forest to forest protocol. But not that this is MS only. It is not clear if the AD has a way to refer you to

Re: Solaris pam-krb5 client and MIT krb5 KDC on Linux (Eliot Lebsack)

2004-07-27 Thread Douglas E. Engert
AM for Solaris 8, and still had the > >> same problem. > >> > >> Regards, > >> > >> Eliot > >> > >> ========== > >> Eliot Lebsack (781) 271-5830 > >> Lead

Re: tickets not showing up

2004-07-27 Thread Douglas E. Engert
have to point at this, or set the KRB5CCNAME to point at it. . > > > --David > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECT

Re: Architecture Question between Windows 2003 and Unix Mit KerberosServer

2004-07-27 Thread Douglas E. Engert
ft.com/windows2000/techinfo/planning/security/kerbsteps.asp > > > Thanks to help me > > > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Ca

Re: ACLs question

2004-07-28 Thread Douglas E. Engert
list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos

Re: failed to create kerberos key: 5

2004-07-29 Thread Douglas E. Engert
t > - Guy de > Maupassant - > > __ > Do You Yahoo!? > Tired of spam? Yahoo! M

Re: Kerberos Configuration

2004-07-29 Thread Douglas E. Engert
client machine. Do I need to start that service for any reasons No, the KDC is only run on the domain controllers. > > Thanks in adv. Most Windows domain users never heard of Kerberos, and don't need to know it is even there. > > Regards, > Gururaj > > [EMAIL PR

Re: Problems with windows 2003 KDC and MIT kerberos

2004-07-29 Thread Douglas E. Engert
is frustrating because I had the system working correctly > prior to upgrading the KDC to a windows 2003 machine. I need some > suggestions on where to look next. > ____ > Kerberos mailing list [EMAIL PROTECTED] > https://mailma

Re: failed to create kerberos key: 5

2004-07-30 Thread Douglas E. Engert
Lara Adianto wrote: > > --- "Douglas E. Engert" <[EMAIL PROTECTED]> wrote: > > > > > > > Lara Adianto wrote: > > > > > > Hi, > > > > > > I have a strange problem with cross-realm > > authentication. > >

Re: failed to create kerberos key: 5 (KRB5KDC_AP_ERR_MODIFIED)

2004-08-02 Thread Douglas E. Engert
assword anymore to > access test_w2kserver). -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos

Re: kinit fails <----

2004-08-09 Thread Douglas E. Engert
ECTED] https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list [EMAIL PROTE

Re: Question: want different default_realm for service and user principles

2004-08-12 Thread Douglas E. Engert
er.conf /krb5/sbin/ftpd -l -a I would appreciate every hint. The other approach for our problem would be to find or implement an RPC on the windows server running AD, which like kadmin/kadmind enables admins to create SPNs remotely and transfer keytab securely to the service host. last question:

Re: Problem changing expired Windows 2000 passwords

2004-08-17 Thread Douglas E. Engert
it is. Some idea??? Tnks! []s! Rodolfo Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Av

Re: Can't get ssh over k5/afs working well

2004-08-17 Thread Douglas E. Engert
incompatible. Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (63

Using Windows AD generated Kerberos tickets without a PAC

2004-08-18 Thread Douglas E. Engert
versions that do not support TCP to the KDC. "An update is available that introduces the NO_AUTH_REQUIRED flag to the UserAccountControl property in Windows 2000" http://support.microsoft.com/?kbid=832572 -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory

Re: Using Windows AD generated Kerberos tickets without a PAC

2004-08-19 Thread Douglas E. Engert
It is only activated for an account when the NO_AUTH_DATA_REQUIRED flag is set. The widespread deployment of KDCs under the guise of Active Directory provides a great opportunity for kerberos. Hopefully we can soon put PAC problems behind us and realise our SSO dreams. Bob -- Douglas E. Engert <[EMAIL PROTECTED

Re: GSSAPI security for connection encryption

2004-08-23 Thread Douglas E. Engert
end using both, but I believe sequence is typically a superset. Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit

Re: SSH with K5/AFS: anyone?

2004-08-25 Thread Douglas E. Engert
oken. The above patch to 3.9 should allow the pam_openafs_session to see the KRB5CCNAME, or is a start so the pam_openafs_session can be convertd to a pam_sm_setcred to use the KRB5CCNAME in all cases. -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South

Re: SSH with K5/AFS: anyone?

2004-08-27 Thread Douglas E. Engert
Sensei wrote: Douglas E. Engert wrote: See http://bugzilla.mindrot.org/show_bug.cgi?id=918 Ok, but it doesn't work. Not with the patch, not with gssapi, not with pam, not with anything. Yes use it all the time with gssapi. So how it comes you have it working? What are your settings?

Re: interoperability of Kerberos client and server

2004-09-10 Thread Douglas E. Engert
Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 25

  1   2   3   4   5   6   7   8   >