principal~.kadm5 & C.

2014-07-16 Thread Giuseppe Mazza
Dear All, I have tried to propagate my kerberos database from my old master london.doc.ic.ac.uk to my new slave tt-u1404.doc.ic.ac.uk but without any luck. << Main characters in my tragedy >> 0] master: [root@london ~]# cat /etc/issue Mandrakelinux release 10.2 (Limited Edition 2005) for i586

Re: principal~.kadm5 & C.

2014-07-16 Thread Giuseppe Mazza
On 16/07/14 15:12, Benjamin Kaduk wrote: > On Wed, 16 Jul 2014, Giuseppe Mazza wrote: > >> >> <> >> - Any idea how to solve the above problem? >> - If you think that the two kerberos versions are too different, can you >> think a different strategy t

Re: principal~.kadm5 & C.

2014-07-16 Thread Giuseppe Mazza
On 16/07/14 15:48, Benjamin Kaduk wrote: > Hmm, I think that should be sufficient, but a kpropd.acl file is also > needed on the slave KDC, as discussed in > http://web.mit.edu/kerberos/krb5-latest/doc/admin/install_kdc.html#configure-slave-kdcs A kpropd file is already present on my slave tt-u140

Re: principal~.kadm5 & C.

2014-07-16 Thread Giuseppe Mazza
Hi Greg, Thank you for your very helpful email. On 16/07/14 15:54, Greg Hudson wrote: > On 07/16/2014 10:08 AM, Giuseppe Mazza wrote: > [trying to kprop from krb5 1.4 to krb5 1.12 and it hangs] >> - I have read your archive. Apparently some people had a similar problem. >> I

Re: principal~.kadm5 & C.

2014-07-17 Thread Giuseppe Mazza
On 16/07/14 15:54, Greg Hudson wrote: > You could also try installing the libkrb5-dbg > package and gdb attaching to the process to get a stack trace. > Please find my attempt below: <> root@tt-u1404:~/foo# ls kdb-dump kdb-dump.dump_ok root@tt-u1404:~/foo# /usr/sbin/kdb5_util load kdb-dump ...

Re: principal~.kadm5 & C.

2014-07-22 Thread Giuseppe Mazza
Hi Greg, I have got good news and bad news. On 17/07/14 17:49, Greg Hudson wrote: > On 07/17/2014 08:59 AM, Giuseppe Mazza wrote: >> > What do you think? Do you need more info? > I think I do need more info. This helps narrow things down, but there > are still questi

Re: principal~.kadm5 & C.

2014-08-01 Thread Giuseppe Mazza
Dear Tom, Thank you for letting me know. All the best, Giuseppe On 7/30/14 4:26 AM, Tom Yu wrote: > Greg Hudson writes: > >> To summarize briefly: there is a compiler bug in the version of gcc used >> in Ubuntu 14.04, which can trigger a libdb2 hang. We have prepared a >> workaround, but it is

about the old tag kdc_supported_enctypes in kdc.conf

2014-10-13 Thread Giuseppe Mazza
Dear All, It seems to me that the tag kdc_supported_enctypes is not used in the file kdc.conf anymore: root@ubuntu1404:~# aptitude show krb5-kdc | grep Version Version: 1.12+dfsg-2ubuntu5.2 root@ubuntu1404:~# zcat /usr/share/man/man5/kdc.conf.5.gz | grep supported_enctypes .B \fBsupported_

ksu problem with "Version: 1.12+dfsg-2ubuntu5.1"

2015-02-17 Thread Giuseppe Mazza
Dear All, I have upgraded my server and my client to "1.12+dfsg-2ubuntu5.1" (Ubuntu 14.04.1 LTS). root@client:~# aptitude show krb5-user | grep Version Version: 1.12+dfsg-2ubuntu5.1 root@server:~# aptitude show krb5-kdc | grep Version Version: 1.12+dfsg-2ubuntu5.1 client% ksu WARNING: You

Re: ksu problem with "Version: 1.12+dfsg-2ubuntu5.1"

2015-02-17 Thread Giuseppe Mazza
On 17/02/15 17:36, Benjamin Kaduk wrote: > On Tue, 17 Feb 2015, Giuseppe Mazza wrote: > >> However on the client I have got: >> client% head -5 /etc/krb5.conf >> [appdefaults] >> # [dwm] necessary for DOC.IC.AC.UK >> allow_weak_crypto=true >

Re: ksu problem with "Version: 1.12+dfsg-2ubuntu5.1"

2015-02-18 Thread Giuseppe Mazza
On 17/02/15 22:51, Benjamin Kaduk wrote: > On Tue, 17 Feb 2015, Giuseppe Mazza wrote: > >> On 17/02/15 17:36, Benjamin Kaduk wrote: >>> On Tue, 17 Feb 2015, Giuseppe Mazza wrote: >> >> >> client% head -20 /etc/krb5.conf >> [appde

Re: ksu problem with "Version: 1.12+dfsg-2ubuntu5.1"

2015-02-18 Thread Giuseppe Mazza
On 18/02/15 10:57, Giuseppe Mazza wrote: > On 17/02/15 22:51, Benjamin Kaduk wrote: >> On Tue, 17 Feb 2015, Giuseppe Mazza wrote: >> >>> On 17/02/15 17:36, Benjamin Kaduk wrote: >>>> On Tue, 17 Feb 2015, Giuseppe Mazza wrote: >>> >>> >>>

Re: ksu problem with "Version: 1.12+dfsg-2ubuntu5.1"

2015-02-19 Thread Giuseppe Mazza
On 18/02/15 17:08, Benjamin Kaduk wrote: > On Wed, 18 Feb 2015, Giuseppe Mazza wrote: > >> A colleague of mine lets me know that it could be a different issue. >> Here is his root principal: >> kadmin.local: get_principal collegue/root >> Principal: collegue/r...@d

upgrade the inter-realm trust key to AES (Giuseppe Mazza)

2015-05-27 Thread Giuseppe Mazza
On 10/04/15 17:23, kerberos-requ...@mit.edu wrote: > I would like to upgrade my inter-realm trust key from DES to AES. > > My current situation is > i] Domain IC.AC.UK (Windows Server 2012): I have no access to it. People > from College manage it. > > Users in IC.AC.UK (Windows) can login and use s

about the location of the log file in /etc/krb5.conf

2016-02-26 Thread Giuseppe Mazza
Hi there, I have got the following problem. If I change the location of the log file in /etc/krb5.conf from /var/log/krb5kdc.log to /var/log/krb5kdc/krb5kdc.log i.e. root@mymaster:/var/log# grep krb5kdc /etc/krb5.conf kdc = FILE:/var/log/krb5kdc/krb5kdc.log then the new log file /var/lo

Re: about the location of the log file in /etc/krb5.conf

2016-02-26 Thread Giuseppe Mazza
): AS_REQ (9 etypes {18 17 16 23 25 26 1 3 2}) __an_ip_address__: CLIENT_NOT_FOUND: a_u...@doc.ic.ac.uk for , Client not found in Kerberos database === Regards, Giuseppe On 26/02/16 11:22, Giuseppe Mazza wrote: > Hi there, > > I have got the following problem. If I change the location of

Re: about the location of the log file in /etc/krb5.conf

2016-02-26 Thread Giuseppe Mazza
oun...@mit.edu] On behalf of > Giuseppe Mazza > Sent: Friday 26 February 2016 15:20 > To: kerberos@MIT.EDU > Subject: Re: about the location of the log file in /etc/krb5.conf > > Sorry, I forgot to say that I have put in place the rotation below: > > root@mymaster:/# cat

Re: about the location of the log file in /etc/krb5.conf

2016-02-29 Thread Giuseppe Mazza
Dear All, I have tried to simplify my initial conditions: I am changing only the thing below: from /var/log/krb5kdc.log to /var/log/krb5kdc/krb5kdc.log in /etc/krb5.conf and in /etc/krb5kdc/kdc.conf (and restarted both services krb5-kdc and krb5-admin-server) root@mymaster:~# grep log /etc/krb5

Re: about the location of the log file in /etc/krb5.conf

2016-03-01 Thread Giuseppe Mazza
I have not managed to understand why my log file /var/log/krb5kdc/krb5kdc.log gets deleted. However my "solution" is to use the old path, i.e. /var/log/krb5kdc.log root@mymaster:~# grep log /etc/krb5.conf /etc/krb5kdc/kdc.conf /etc/krb5.conf:[login] /etc/krb5.conf:[logging] /etc/krb5.conf: kdc =

ubuntu16.04 and /etc/krb5.conf

2016-06-15 Thread Giuseppe Mazza
Hi there, I have got the following setup: 1] ubuntu linux clients 2] windows domain controllers IC.AC.UK ubuntu kerberos servers DOC.IC.AC.UK trust relationship between the two domains Users are created on the windows dc's and can login on linux clients. In ubuntu14.04 I do not have t

Re: ubuntu16.04 and /etc/krb5.conf

2016-06-16 Thread Giuseppe Mazza
(I apologize for my long email) I am going to try to provide some feedback: # # my (not) working scenario... # 1] Linux kerberos server: Ubuntu 14.04.4 LTS \n \l ii krb5-kdc 1.12+dfsg-2ub amd64 MIT Kerberos key server (KDC) 2.a] Ubuntu 16.04 linux client, called futurama.doc.ic

Re: ubuntu16.04 and /etc/krb5.conf (Errata Corrige)

2016-06-16 Thread Giuseppe Mazza
had kinit-ed gma...@ic.ac.uk Giuseppe. On 16/06/16 14:09, Giuseppe Mazza wrote: > (I apologize for my long email) > > I am going to try to provide some feedback: > # > # my (not) working scenario... > # > 1] Linux kerberos server: > Ubuntu 14.04.4 LTS \n \l > ii

single sign on problem on macOS Sierra (Version10.12.3) client

2017-03-23 Thread Giuseppe Mazza
Hello there, I have tried to implement single-sign-on on my macbook. What I can: - I can kinit and get a valid ticket - I can ssh into a linux machine part of my realm without being asked for a password What I can *not*: - browse a webpage even if I have kinit-ed successfully. When I access

single sign on problem on macOS Sierra (Version10.12.3), client (Giuseppe Mazza)

2017-03-27 Thread Giuseppe Mazza
Dear Hugh, Thank you for your reply. On 24/03/17 16:01, kerberos-requ...@mit.edu wrote: > Today's Topics: > >1. Re: Kerberos Digest, Vol 171, Issue 14 (Hugh Cole-Baker) >> >> I have tried to implement single-sign-on on my macbook. >> >> - has anybody managed to configure supported browsers

/etc/default/krb5-admin-server: 'RUN_KADMIND=false' not possible anymore

2018-04-20 Thread Giuseppe Mazza
Dear All, I want to install a new kerberos slave running on Ubuntu16.04. I would like to prevent the service krb5-admin-server running on the slave. It seems to me that it is not possible to set the variable 'RUN_KADMIND=true' in /etc/default/krb5-admin-server anymore. I wonder if you could advic

kinit is ok, but ssh is not

2014-05-02 Thread Giuseppe Mazza
Dear All, I have built a test infrastructure as below: gm-u1204 = Ubuntu12.04 server running my kdc (realm -> GML.DOC.IC.AC.UK) gm-win2012 = Windows 2012 running my dc (domain -> GMW.DOC.IC.AC.UK) I have setup a nontransitive trust, i.e. "One-way: incoming Users in this domain GMW.DOC.IC

Re: Kerberos Digest, Vol 137, Issue 2

2014-05-06 Thread Giuseppe Mazza
Hi Kenny, Sorry, I had forgotten to say that gml.doc.ic.ac.uk is an alias for gm-u1204.doc.ic.ac.uk. > > Shouldn't the kdc for GML.DOC... be "gm-u1204.doc.ic.ac.uk" instead of > "gml.doc.ic.ac.uk" in your krb5.conf? > > Cheers, > > Kenny. However I have tried the change you have suggested, i.

is the master key cached somehow (slave side)?

2014-06-25 Thread Giuseppe Mazza
Dear All, Do you know whether the master key is cached somehow? I have done the thing below: 0] the main characters are sv-u1404-02 is my kerberos master sv-u1404 is my kerberos slave 1] on the kerberos slave: root@sv-u1404:/etc/krb5kdc# service krb5-admin-server stop service krb5-kdc stop