30 jul 2016
i ran into an interesting error when i compiled and installed
krb5-1.14.3. make check reported this:
Test 1: btree, hash: small key, small data pairs
Test 1: recno: small key, small data pairs
Test 2: btree, hash: small key, medium data pairs
Test 2: recno: small key,
08 aug 2016
sorry for the delay. i've been busy, and i expect this week to
be extremely busy.
>> Test 3: btree: small key, big data pairs
>> page size 512
>> page size 16384
>> page size 16384
>> page size 65536
>> dbtest: write: Success
>> test3: btre
19 aug 2016
>> Test 3: btree: small key, big data pairs
>> page size 512
>> page size 16384
>> page size 65536
>> dbtest: write: Success
>> test3: btree: page size 65536: failed
> I'm not sure we've seen that failure before. Did any previous
> releases work su
28 may 2014
greetings,
i tried to set up openssl ssl/tls certificates for krb5-1.12.1. i
used the extensions cited in the docs. i cut-and-pasted, so my
typing should not be an issue, and then double-checked the
extensions files. the openssl ca command looked like it ran ok,
but the output cert
28 may 2014
greetings,
the client keytab looks very interesting. however, this small
blurb lists almost all i could find about it in the docs:
Default client keytab
The default client keytab is used, if it is present and readable,
to automatically obtain initial credentials for GSSAPI cl
29 may 2014
greetings,
many thanks to michael.
>Simply compile a recent version of MIT Kerberos, re-link your
>application and then do:
>$ export KRB5_CLIENT_KTNAME= # e.g. $HOME/client.keytab
>$ app-with-gssapi-calls # in my case curl
i just noticed something. i run app-name, and not kinit?
30 may 2014
greetings,
again, many thanks to michael.
>>$ export KRB5_CLIENT_KTNAME= # e.g. $HOME/client.keytab
>>$ app-with-gssapi-calls # in my case curl
i ran some tests, and they proved most interesting.
the good news is that
KRB5_CLIENT_KTNAME=some.key.file app-with-gssapi-calls
worked.
31 may 2014
greetings,
i saw no response to my earlier post on this topic, so i guess i
confused people. this post provides further elaboration of my
problem. i used the script command to log recreating a test
certificate chain that mirrors my current chain, with a lot of
noise deleted.
btw- m
06 jun 2014
greetings,
>> as you can see, the expected kdc extensions appeared in the output
>> certificate, but they contained no data or invalid data.
>Are you judging that by the following output?
>> X509v3 Subject Alternative Name:
>> othername:
>I see the same
07 jun 2014
greetings,
as expected, my pkinit efforts failed. however, i captured some
output for analysis. i included everything i thought relevant.
i also embedded some questions and comments in the output.
Script started on Sat 07 Jun 2014 06:12:05 PM EDT
hostname(test) 1 $ ksh -xv /tmp/gig
10 jun 2014
i worked up this reply yesterday, and just got the chance to post it.
i think it confirms your guesses about what i did. i'll try your
suggestions
and get back to you.
thank you very much. that looks like the most promising approach
i've seen ANYWHERE.
frank smith
09 jun 2014
gre
11 jun 2014
greetings,
>> KRB5_TRACE=/dev/stdout kinit \
>> -X X509_user_identity=DIR:/home/test/.krb5.id my/principal
>I think I know why this is. When you created the client certificate,
>you presumably set the environment variable CLIENT to "my/principal".
EXACTLY!
>If you look at exten
12 matches
Mail list logo
