Problem compiling kerberos for maemo: cannot find add_error_table in com_err library

2008-03-08 Thread Jason Edgecombe
Hi There, I'm trying to compile kerberos for the Nokia N800/810 running Maemo. I'm using scratchbox to compile and I get the following configure messages: checking which version of com_err to use... system checking for add_error_table in -lcom_err... no configure: error: cannot find add_error_ta

Re: HELP!!! I am also having the kpropd problem

2008-03-10 Thread Jason Edgecombe
[EMAIL PROTECTED] wrote: > Hello All, > > I am having the problem with database propagation that so many before me > have apparently had. I have read and tried so many suggestions in various > posts that I've lost count. I can't seem to find anyone who actually > reported that they had solved th

Re: HELP!!! I am also having the kpropd problem

2008-03-10 Thread Jason Edgecombe
[EMAIL PROTECTED] wrote: > Hi, > > I tried copying the krb5kdc directory to the slave. I get the same result > (Decrypt integrity check failed while getting initial ticket). Is there > something else I could try? > > Thanks, > -G > > > > > > "Decrypt integrity check failed" usually means that

Re: Problem compiling kerberos for maemo: cannot find add_error_table in com_err library

2008-03-16 Thread Jason Edgecombe
[EMAIL PROTECTED] wrote: > Jason, > > I just successfully compiled kerberos and installed it on my N810 (so > it can be done!) I am using vanilla krb5-1.6.3 downloaded from the > MIT website. I unpack it into my home area in scratchbox. When I run > configure in scratchbox (using the CHINOOK_ARM

delegating principal creation to a web process

2008-03-20 Thread Jason Edgecombe
Hi, We're working on creating a process that will automatically create a kerberos principal for a user when they agree to the computer policies on a web page. The user will use a web link that we sent with a hashed value that will take the user to a web page that will create their kerberos princi

Re: delegating principal creation to a web process

2008-03-20 Thread Jason Edgecombe
Russ Allbery wrote: > Simon Wilkinson <[EMAIL PROTECTED]> writes: > > >> It's not clear from your description how you check that the script is >> creating the 'correct' account name for a particular user - nor how you >> protect against denial of service attacks, or attacks which create >> 'magi

Re: delegating principal creation to a web process

2008-03-21 Thread Jason Edgecombe
Simon Wilkinson wrote: > > On 21 Mar 2008, at 01:36, Jason Edgecombe wrote: >>> >> The script will check that the user is in the /etc/password file. The >> keytab will only have privileges to add accounts, so existing accounts >> like admin/root are safe. >

krb5 packages available for Maemo OS2008 (Nokia N800/N810)

2008-04-30 Thread Jason Edgecombe
Hi everyone, I have uploaded a krb5 package for the Nokia N810 and Nokia N800 (running OS2008) to the Maemo extras repository. I welcome anyone who would like to test it out. The package is small and only includes kinit and libkrb5. Feedback is welcome. If you can't find it in the repository

Re: cross compilation problem with krb5_1.6.3

2008-05-06 Thread Jason Edgecombe
Ken Raeburn wrote: > On May 6, 2008, at 15:36, Mahmudul Haque wrote: > >> I am stuck in cross compiling the krb5-1.6.3 for my mips board. I am >> getting the following error whenever I try to compile it:- >> "checking for constructor/destructor attribute support... configure: >> error: Cannot t

Where should the source for the maemo krb5 packages be hosted?

2008-05-08 Thread Jason Edgecombe
Hi everyone, I have successfully packaged mit krb5 for maemo, the OS for the Nokia N8X0 tablets. I remove the appl folder from the package, though. Where should the debian source package be hosted? Should they be in the MIT krb5 cvs or hosted separately? Thanks, Jason _

Re: ktutil get

2008-08-05 Thread Jason Edgecombe
Victor Sudakov wrote: > Victor Sudakov wrote: > > >>> There is a very useful command "ktutil get" in Heimdal. It allows to >>> conveniently join a host into a Kerberos domain, without bothering >>> about transferring the keytab. >>> > > >>> What is the analogous command in the Solaris

How do I change the ticket lifetime in the default policy?

2009-02-17 Thread Jason Edgecombe
Hi everyone, We are extending the ticket lifetime for all of the users in our realm from 1 day to 7 days. We use MIT Kerberos in our realm. I know that "modprinc -maxlife 7day u...@realm.com" will extend the ticket lifetime for an existing user, but how do I make it the default for new users? To

Re: How do I change the ticket lifetime in the default policy?

2009-02-17 Thread Jason Edgecombe
Russ Allbery wrote: > Jason Edgecombe writes: > > >> We are extending the ticket lifetime for all of the users in our realm >> from 1 day to 7 days. We use MIT Kerberos in our realm. I know that >> "modprinc -maxlife 7day u...@realm.com" will extend the ti

Re: How do I change the ticket lifetime in the default policy?

2009-02-17 Thread Jason Edgecombe
Kevin Coffman wrote: > On Tue, Feb 17, 2009 at 4:49 PM, Jason Edgecombe > wrote: > >> Russ Allbery wrote: >> >>> Jason Edgecombe writes: >>> >>> >>> >>>> We are extending the ticket lifetime for all of the use

Long-running jobs with renewal of krb5 tickets and AFS tokens

2009-02-28 Thread Jason Edgecombe
We have users who need to run long-running jobs and store their files in AFS during the run. I've read the k5start and k5renew man pages, but I don't see how I can have users type in their password when they start a job and have the tickets and tokens keep being renewed. How can I do this? Th

Re: Long-running jobs with renewal of krb5 tickets and AFS tokens

2009-02-28 Thread Jason Edgecombe
Russ Allbery wrote: > Jason Edgecombe writes: > > >> We have users who need to run long-running jobs and store their files in >> AFS during the run. >> >> I've read the k5start and k5renew man pages, but I don't see how I can >> have users type

Re: Long-running jobs with renewal of krb5 tickets and AFS tokens

2009-03-01 Thread Jason Edgecombe
Russ Allbery wrote: > Jason Edgecombe writes: > >> I guess setting things for renewable tickets longer than 7 days or >> running the jobs in local disk will be easiest. >> >> We have a 7 day normal/renewable lifetime. What length do other sites >> have?

Re: Long-running jobs with renewal of krb5 tickets and AFS tokens

2009-03-02 Thread Jason Edgecombe
Nicolas Williams wrote: > On Sat, Feb 28, 2009 at 11:40:26PM -0500, Jason Edgecombe wrote: > >> I guess setting things for renewable tickets longer than 7 days or >> running the jobs in local disk will be easiest. >> >> We have a 7 day normal/renewable lifetime. W

Re: kerberos testing server/realm

2014-09-02 Thread Jason Edgecombe
On 09/02/2014 12:53 PM, Greg Hudson wrote: > On 09/02/2014 04:20 AM, bodik wrote: >> But I was thinking, if there would be something like "static_kdc.c" ? some >> very >> small implementation without all fancy features like PA, crossrealming, heavy >> encryption, something which would just send ou

Potential Kerberos PKINIT integration with puppet

2015-02-21 Thread Jason Edgecombe
Hi everyone, Michael Weisner has submitted a pull request for puppet to add Kerberos PKINIT support for puppet, which allows puppet certificates to be used for bootstrapping kerberos services and authentication. Puppetlabs is kind enough to consider this request, and is debating whether or not

Question about TGT forwarding

2018-05-31 Thread Jason Edgecombe
ru on whether or not TGTs are expected to be forwarded and if that is a security risk. Everything worked fine a few weeks ago. Any help is appreciated. Thanks, Jason --- Jason Edgecombe | Linux Administrator UNC Charlotte | Th

Re: Question about TGT forwarding

2018-06-06 Thread Jason Edgecombe
ing to play around with the Credential delegation settings on the machine account in AD and see how well that works. Thanks, Jason ------- Jason Edgecombe | Linux Administrator UNC Charlotte | The William States Lee Coll

Re: Adding users with a script

2009-12-27 Thread Jason Edgecombe
Jaap Winius wrote: > Hi all, > > If you have 1,000 user names and passwords to add to an MIT Kerberos V > database on a Linux system, you could add them all manually with kadmin, > but that would be a terrible waste of time. The proper way would be to > automate this process with a script, but I

Re: Kerberos & LDAP

2010-01-16 Thread Jason Edgecombe
Prasad (普拉萨德) wrote: > I am ok that we normally use the Kerberos to keep the password and LDAP is > just for authorization. But then if my DNS goes down, then no one can login > to the system because Kerberos is highly dependent on the DNS and NTP. That's > why I am thinking of having the username a

Re: URG: Details abt Kerberos

2010-01-18 Thread Jason Edgecombe
vinay kumar wrote: > *Hi,* > > I am new to kerberos, I have been asked to setup KDC, kerberos client > and application server. Using these I have to capture AP_REQ, AP_REP, AS_REQ > and AS_REP in wireshark. I have two systems both are working on Red Hat > Linux. I downloaded Kerberos from MIT

Re: URG: Details abt Kerberos

2010-01-18 Thread Jason Edgecombe
using the kadmin tool. > > --Max > > On Jan 19, 2010, at 4:28 AM, Jason Edgecombe wrote: > >> vinay kumar wrote: >>> *Hi,* >>> >>> I am new to kerberos, I have been asked to setup KDC, kerberos >>> client >>> and application

remctld on windows

2010-02-25 Thread Jason Edgecombe
Hi everyone, I noticed that remctld is not supported on Windows. Is it possible to run on Windows XP? It would be ideal for some in-house programs that are needed. What issues are involved when running remctld on Windows? Thanks, Jason

Re: remctld on windows

2010-02-25 Thread Jason Edgecombe
Russ Allbery wrote: > Jason Edgecombe writes: > > >> I noticed that remctld is not supported on windows. Is it possible to >> run on windows XP? It would be ideal for some in-house programs that are >> needed. what issues are involved when running remctld on w

remctld on windows XP

2010-02-26 Thread Jason Edgecombe
Hi everyone, Looking at the remctl web site, it says that the remctl server is not supported on Windows. We would like to use remctld on Windows XP. What would be involved in making that work? Is that possible? Thanks, Jason

Re: remctld on windows

2010-02-26 Thread Jason Edgecombe
Jeffrey Altman wrote: > On 2/25/2010 9:52 PM, Russ Allbery wrote: > >> Jason Edgecombe writes: >> >> >>> Dang. Thanks. >>> >> The drawback to the Java server implementation is that it doesn't actually >> run anything, just

Re: remctld on windows

2010-02-26 Thread Jason Edgecombe
Christopher D. Clausen wrote: > Jason Edgecombe wrote: >> We want to have a tool for our help desk students to list and kill >> processes for other users on workstations along with being able to >> trigger a remote shutdown or reboot. > > Tasklist.exe, taskkill.exe and

SpywareTerminator is flagging MIT kerberos as Malware

2010-07-14 Thread Jason Edgecombe
Has anyone else seen this? Thanks, Jason From: Andrew Stein [mailto:andrew1st...@gmail.com] Sent: Wednesday, July 14, 2010 12:07 AM To: Stein, Jack; Edgecombe, Jason Subject: MIT Kerberos -- spyware? No way http://www.spywareterminator.com/item/5472/details.html I scanne

Re: Help: Can OpenSSH get OpenAFS token after the client login?

2011-06-11 Thread Jason Edgecombe
On 06/11/2011 08:31 AM, Lee Eric wrote: > Hi, > > The systems are using Fedora 14 and the systems can log in each other > by using Kerberos. But it seems after OpenSSH login the client side > cannot get the OpenAFS token. So is there any way to let the client > side get the OpenAFS token after logi

Re: Can't get Russ' pam_krb5 module to work with ssh on RHEL5

2012-03-01 Thread Jason Edgecombe
On 03/01/2012 06:43 PM, Russ Allbery wrote: > "Edgecombe, Jason" writes: > >> I have Russ Allbery's pam_krb5 and pam_afs_session modules working for >> console logins, but they fail for ssh logins (both password and >> kerberized). I can get ssh logins to work with RedHat's pam_krb5 >> module, bu

Re: Can't get Russ' pam_krb5 module to work with ssh on RHEL5

2012-03-01 Thread Jason Edgecombe
On 03/01/2012 07:38 PM, Russ Allbery wrote: > Jason Edgecombe writes: > >> No, the local users are locked in the shadow file. The users have a "*" >> in the password field for the /etc/shadow file. I'm using nssdb for >> passwd and shadow file if that matt

Re: MIT Kerberos production realm = mirror/copy to a test/dev realm?

2012-05-12 Thread Jason Edgecombe
dump/load into new dev realm, and of course all > principals are > added with a...@prodkrb.realm.edu into the KRBDEV.REALM.EDU. > So not sure how propagation would be any different. > > Thanks, > Tareq > > On May 11, 2012, at 6:26 PM, Jason Edgecombe wrote: > >>

Re: Options for enforcing password policies

2013-05-22 Thread Jason Edgecombe
On 05/22/2013 01:15 PM, Russ Allbery wrote: > Dagobert Michelsen writes: >> On 22.05.2013 at 15:41, "Edgecombe, Jason" wrote: >>> * passwords may not contain certain characters, like unicode or some >>> ASCII characters >> To my knowledge this is not possible, but I also don't see a reason to >>

installing auks with torque

2014-01-19 Thread Jason Edgecombe
Hi everyone, We're trying to set up a Linux compute cluster using torque. I would like the jobs to be able to access each user's AFS space by caching the user's Kerberos tickets/access. One solution is auks: http://workshop.openafs.org/afsbpw10/talks/wed_3/hautreux_kerberos_hpc.pdf https://gith

Re: Request to change MIT Kerberos behavior when principal is expired, deleted or password changed

2014-03-07 Thread Jason Edgecombe
On 03/07/2014 06:16 PM, Greg Hudson wrote: > On 03/07/2014 05:17 PM, Edgecombe, Jason wrote: >> I don't see how anyone can object to rejecting requests for expired or >> deleted principals. > I don't think anyone has. In the past I have mentioned performance as a > possible issue, but it turns ou

Re: Proposition for new remctl ACL scheme / group support

2014-04-05 Thread Jason Edgecombe
On 04/05/2014 11:02 AM, Remi FERRAND wrote: > Hi everyone, > > Sorry for the spam if this list isn't the one I should use to discuss > remctl (http://www.eyrie.org/~eagle/software/remctl/). > > At IN2P3 Computing Centre, we're starting to use remctl for everything that > requires privilege dele