> "FP" == Florian Preu writes:
FP> Is there a possibility to store credentials to log into a system,
FP> if the kdc is not availiable?
Recent Fedora releases have pam_ccreds for doing credential caching.
It should work with any Linux distro supporting PAM, but I don't know
how useful it is a
> "JH" == Jeffrey Hutzelman <[EMAIL PROTECTED]> writes:
JH> Well, the problem is that entries in NIS or in UNIX password files
JH> don't contain the password; they contain a one-way hash of the
JH> password. Without some fairly time-expensive cryptographic
JH> attacks, you can't recover the a
> "LH" == Luke Howard <[EMAIL PROTECTED]> writes:
LH> It seems that Solaris has kwarnd, which can both warn users of
LH> impending ticket expiry as well as renewing tickets. Are there any
LH> plans to do something similar for Linux?
gnome-kerberos would seem to be a start. There's also
http:
I was hoping someone could give me a bit of advice. This morning at
precisely 4AM our long-running master KDC started spewing these errors
once every propagate run:
dump: error performing Kerberos version 5 release 1.3 dump (Database
record is incomplete or corrupted)
/usr/kerberos/sbin/kprop: '/
> "KH" == Ken Hornstein <[EMAIL PROTECTED]> writes:
KH> The simplest thing to do would be to copy the file "from_master"
KH> back to the master, and use "kdb5_util load" to load it back into
KH> the database.
Thanks; that seems to have worked.
KH> (Personally, I do a dump of the KDC database
> "KR" == Ken Raeburn <[EMAIL PROTECTED]> writes:
KR> Do you have any notion what might've been changed since the
KR> previous kprop run when you got a successful dump?
I have no idea at all. Lots of stuff tends to happen at 4AM on a Red
Hat/Fedora system but I can't pin it down to anything
I know just enough about Kerberos to screw things up badly, and I'm
faced with my krb infrastructure running on hardware that is getting
old enough to start having issues. I have plenty of admin experience
but for some reason I can never manage to wrap my head around all of
the Kerberos intricacie
> "CH" == Charles Hedrick writes:
CH> The KEYRING mechanism is nice, in many ways. But it has some
CH> unexpected effects.
It's always good to mention the actual OS you are using. I know most
modern Linux distros provide the KEYRING CCACHE type which uses the
kernel's keyring facility.
CH>
> "MT" == Maple Thorpe writes:
MT> Need a spec file or method to build, if available, for fc-14 x64
MT> arch. Would like to build binaries for KDCs using rpmbuild -ta.
The current version of kerberos in rawhide and what will be F15 is 1.9.
You can either grab an srpm from a build at
http://k
> "JW" == Jaap Winius writes:
JW> Hi folks, On all of the Debian squeeze servers with Kerberos
JW> (v1.8.3) that I manage, I've noticed that the Kerberos daemons start
JW> out writing to their designated log files, e.g. kdc.log, but once
JW> those log files are rotated they ignore the new emp
10 matches
Mail list logo
