Hello.
I'm configuring Linux machines using W2003 as KDC, everything works fine
for Debian SSH, and Ubuntu for X server with MIT kerberos.
But I would like to give the user the ability to log on to the workstation if his
key has not yet expired and the KDC is not available for the moment, is that possible?
___
Hello.
I'm configuring Linux machines using W2003 as KDC, everything works fine
for Debian SSH, and Ubuntu for X server.
But I would like to give the user the ability to log on to the workstation if his
key has not yet expired and the KDC is not available for the moment, is that possible?
___
On 04.06.2009 0:47, Ravi Channavajhala wrote:
> On Wed, Jun 3, 2009 at 11:09 PM, Nikolay Shopik wrote:
>> Hello.
>>
>> I'm configuring Linux machines using W2003 as KDC, everything works fine
>> for Debian SSH, and Ubuntu for X server with MIT kerberos.
>>
>>
On 04.06.2009 11:10, Ravi Channavajhala wrote:
> Wouldn't it be nice if you can really make another server (Linux or
> Unix) as a backup KDC? But in reality, this may or may not work (I
> haven't tried this personally) but Microsoft Kerberos implementation
> is different from stock MIT. Kerberos
On 04.06.2009 11:15, Nikolay Shopik wrote:
> On 04.06.2009 11:10, Ravi Channavajhala wrote:
>> Wouldn't it be nice if you can really make another server (Linux or
>> Unix) as a backup KDC? But in reality, this may or may not work (I
>> haven't tried this per
On 05.06.2009 17:15, Simo Sorce wrote:
> Windows caches the NT hash of your password.
> That's how you get access w/o the KDC. Nothing to do with kerberos
> credentials at all.
That's what I thought for a moment. Can such a thing (caching MD5/whatever
hash locally for some period) be accomplished on Linu
On 05.06.2009 17:30, Simo Sorce wrote:
> On Fri, 2009-06-05 at 17:22 +0400, Nikolay Shopik wrote:
>> On 05.06.2009 17:15, Simo Sorce wrote:
>>> Windows caches the NT hash of your password.
>>> That's how you get access w/o the KDC. Nothing to do with kerberos
>
On 05.06.2009 18:36, Russ Allbery wrote:
> Nikolay Shopik writes:
>
>> Only thing I found is pam_krb5 which has existing_ticket
>> option. (tells pam_krb5.so to accept the presence of pre-existing
>> Kerberos credentials provided by the calling application in the
>>
On 05.06.2009 19:29, Russ Allbery wrote:
> Nikolay Shopik writes:
>> On 05.06.2009 18:36, Russ Allbery wrote:
>>> Nikolay Shopik writes:
>
>>>> Only thing I found is pam_krb5 which has existing_ticket
>>>> option. (tells pam_krb5.so to acce
And you have enabled the "Integrated Windows authentication" option in IE6,
haven't you?
On 10.07.2009 19:20, Ahmar Nauman wrote:
>
> Hi,
>
> I'm using Windows Server 2003 as domain controller,
> I've successfully followed all the necessary steps required for setting up
> an SSO, generated keytab
On 01.09.2009 14:55, Nikos Nikoleris wrote:
> jarek wrote:
>> Hi all!
>>
>> I'd like to configure CISCO Catalyst to use kerberos against AD server
>> W2008. I'd like to login to cisco using ticket and telnet.krb5 from
>> krb5-clients package. When I'm trying telnet.krb5 -a -f cisco_ip, I'm
>> getti
On 06.10.2009 16:27, anandhi jay wrote:
> Hi,
>
> I have installed the kerberos5 in linux and configured squid for that.
> From IE6 I configured the squid proxy ipaddress and port. It asked for
> the username and password.
> I have given the kerberos principal as username and pass
Jeffrey, any chance this could be updated for XP/2003, or is this already
out of scope?
On 03.11.2009 18:19, Jeffrey Altman wrote:
> Jeffrey Altman wrote:
>> Christoph Fritz wrote:
>>> Unfortunately kerbtray does not show me any ticket in the LSY cache. Which
>>> parameters do I need for the mit2ms
On 24.12.2009 14:57, Vinayak wrote:
> I am thinking of using keytab file generated from one KDC to get
> ticket from another "identical" KDC. Please let me know if this is
> possible?
>
If I remember correctly this won't work, even though you have identical
configuration you should have keytabs
On 04.01.2010 21:17, Marcello Mezzanotti wrote:
> Is "Kerberos for Windows" necessary for Windows/Putty?
No, it doesn't use KfW; at least the official build only uses SSPI. You may
also just download the latest snapshot version; it does include GSSAPI
authentication, so there is no need to search for a patched one.
___
Hello,
Does the 64bit version of KfW work with a 32bit version app? Because to me
it looks like the 64bit version doesn't work with 32bit apps.
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Hello everyone,
I'm in the middle of the process of making my mail server Kerberized. Currently my
infrastructure is only password based, but I plan to move to PKINIT, thus
using certificate based authentication. Afterward I thought about my
smartphone clients who use email on their phones; this is excl
Hello everyone,
I'm in the middle of the process of making my mail server Kerberized.
Currently my infrastructure is only password based, but I plan to move to
PKINIT, thus using certificate based authentication. Afterward I thought
about my smartphone clients who use email on their phones; this is
exclus
On 09.02.2010 0:46, Luke Scharf wrote:
> Nikolay Shopik wrote:
>> Hello everyone,
>>
>> I'm in the middle of the process of making my mail server Kerberized. Currently
>> my infrastructure is only password based, but I plan to move to PKINIT,
>> thus using certificate ba
On 09.02.2010 18:08, Luke Scharf wrote:
> If you're using virtual users on the e-mail server, then saslauthd can
> be configured to attempt to log in to Kerberos to see if the password is
> valid instead of PAM. This is an application-level way to check
> credentials, as opposed to a system-level
On 22.02.2010 18:16, Mark Campbell wrote:
> We are trying to get our MACs to use our central MIT kerberos realm. We
> need the ability for users to use cached credentials in order to log in
> outside of work say on travel trips on an airline, etc... where a
> network connection is not available.
I asked about Kerberos support in Cisco devices once; from what I can
tell they don't support tickets/GSSAPI, so only logging in manually with a
password will work.
On 25.03.2010 0:20, Matt Zagrabelny wrote:
> Greetings,
>
> I am attempting to use MIT Kerberos to provide automatic logins via
> telnet on
On 25.03.2010 15:41, Matt Zagrabelny wrote:
> Funny thing, I once had tickets/gssapi working with the catalysts, but
> that was a number of years ago. That is what the krb5-telnet
> authentication mode does. There was a bug that caused a hard reboot with
> the IOS, Cisco says that it has been fixed
Hi,
I wonder how to correctly generate keytabs for virtual hosts in Apache?
From what I read, most cases suggest creating a keytab for HTTP/hostname,
where hostname is the actual hostname of the machine, not the virtual hostname.
Error logs show these messages:
gss_accept_sec_context() failed: Unspecified GSS
On 30.09.2010 1:23, Russ Allbery wrote:
> In practice, you need to add HTTP/* principals for both names to the
> Apache keytab if they differ, and then configure mod_auth_kerb to accept
> any credential that's available in the keytab. Last time we did testing,
> Firefox did one thing and IE did th
On 30.09.2010 11:43, Russ Allbery wrote:
> Nikolay Shopik writes:
>> On 30.09.2010 1:23, Russ Allbery wrote:
>
>>> In practice, you need to add HTTP/* principals for both names to the
>>> Apache keytab if they differ, and then configure mod_auth_kerb to
>>>