with applications
built against previous releases of KFW. Hence, there are no transition
issues.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
the opinion of end users or help desks, you need at the very
least to ask on [EMAIL PROTECTED] but more likely you need to actively
perform Google searches to find out who distributes KFW and contact the
people responsible for the distribution directly.
Jeffrey Altman
Secure Endpoints Inc.
smime.p7s
Comments:
1. What is being announced today is not KFW 3.2.2, it is a beta, and as
such the announcement text should focus on the changes to the release,
what you want tested, how long users have to test and submit bugs, and
what the release schedule is going to be.
2. For the final announcement,
Tom Yu wrote:
jaltman == Jeffrey Altman [EMAIL PROTECTED] writes:
jaltman Kevin Koch wrote:
** The MIT Kerberos Team has decided that the MIT Kerberos for
** Windows 3.x release series will be the last versions to contain
** Kerberos 4 support. Beginning with 4.0 release, MIT Kerberos
that we should reserve the first couple of thousand ordinal
values for MIT and document it in the .DEF file going forward.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu
in the existing implementation. Please do not repeat the
mistakes that have been made over the last eight years.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo
\bin
directory.
Jeffrey Altman wrote:
Douglas E. Engert wrote:
Just installed kfw-3.2.2 on new Vista Enterprise.
After logoff and during logon the messagbox:
mpnotify.exe unable to locate component
This application has failed to start because MSVCR71.dll was not found.
Reinstalling
Alexandra Ellwood wrote:
On Jan 30, 2008, at 12:53 PM, Jeffrey Altman wrote:
CCAPI v2 is deprecated. All CCAPI v2 functions return errors when
called.
This decision is going to cause problems for all currently deployed
applications which support the use of multiple credential caches
Kevin Koch wrote:
In my CCAPI client DLL, RpcMgmtIsServerListening returns true when the
server isn't running. I'd expect it to return an error if the RPC handle
were invalid and it should return RPC_S_NOT_LISTENING instead of 0 when the
server isn't listening (or running).
This is a query
Daniel Kouril wrote:
Dear all,
We'd like to use NIM to control several identity types, so I'd like ask
about current status of the support for multiple identity providers
described in
http://www.secure-endpoints.com/netidmgr/proposal-nim-multiple-id-nc-ux.pdf
and
Daniel Kouril wrote:
On Mon, Mar 03, 2008 at 09:07:37AM -0500, Jeffrey Altman wrote:
We are getting closer but there is no development version available at this
time.
Funding for the project ran out a long ago but Secure Endpoints is
continuing to develop it as time permits. If all goes
Kevin Koch wrote:
I'm testing KfW with the new CCAPI and krb4 removed. kinit, klist, kdestroy
appear to be working. But when NIM starts up, it doesn't load any plugins.
To help me zero in on the problem area, where are the plugins to be loaded
specified and what code tries to load them?
The
Kevin Koch wrote:
Apparently not! How?
Thanks.
Look at the work that was done for 64-bit builds.
If you build as if you are building for 64-bit, then the krb4 is disabled.
This is true for all of the kuser tools as well as the NIM plug-ins.
smime.p7s
Description: S/MIME Cryptographic
Kevin Koch wrote:
Good point. For now, I'll continue trying to get it to work without any
KRB4 support. Later I'll turn the compile time condition into a run time
condition.
With the changes in dynimport.c, NetIdMgr starts but one of the three
kmmint_plugin_broker threads calls krb4_cb which
and will be a
significant burden on help desks.
Jeffrey Altman
Secure Endpoints Inc.
smime.p7s
Description: S/MIME Cryptographic Signature
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
Kevin:
As was stated previously, the NSIS install would bundle vcredist_x86.exe
and execute it.
The MSI (WIX) installer would use the merge modules.
Jeffrey Altman
Kevin Koch wrote:
The IFDEF CL_1400 sections of kfw-fixed.nsi try to copy the DLLs from
SYSTEMDIR instead of from c:\WINDOWS
Kevin Koch wrote:
Ken and I were talking about detecting whether or not the Vista ntsecapi.h
is in the build environment.
Why will krb5/src/lib/krb5/ccache/cc_mslsa.c build without Vista support?
It would be convenient if there were a #else / #error on the #ifdef
David Rosenstrauch wrote:
Hi. Having trouble trying to build the old kfw 2.6.5, and running into
a few problems. (I need to build against the older version since I need
to build for VC6.)
VC6 built applications can load DLLs produced with VS7 or VS8.
First, several of the awk steps appear
David Rosenstrauch wrote:
Jeffrey Altman wrote:
David Rosenstrauch wrote:
Hi. Having trouble trying to build the old kfw 2.6.5, and running
into a few problems. (I need to build against the older version since
I need to build for VC6.)
VC6 built applications can load DLLs produced with VS7
David Rosenstrauch wrote:
Jeffrey Altman wrote:
Note that I consider the use of 2.6.5 at this point dangerous. It is
known to crash on Vista
and later OS releases or on any 64-bit platform.
Point taken. Might be alright for my purposes though. I don't need to
use any of the .exe's. All
Matthew Devine wrote:
I have Kerberos successfully connecting from my windows machine with KFW.
However I am also attempting to utilize a windows built module mod_auth_kerb
for Apache. Now the question I have is why I would get the following error.
I mean based on this its saying it can not
Kevin Koch wrote:
Is there anything more to it than installing VS2005 on a 64 bit Vista and
building?
Thanks.
Kevin Koch
Please see RT tickets 5714, 5816, 5817, 5819, 6003 and 6004 for changes
necessary for building 64-bit KFW and associated installers.
Other than the issues raised
Kevin Koch wrote:
If the NSIS installer is going to run a .msi, then why not use the full msi
installer in the first place?
Thanks.
Kevin
The NSIS installer provides a better upgrade/downgrade experience for
individual end users
over the MSI installer. The fact that an MSI is used to
Kevin Koch wrote:
Jeff -
When I try to build KfW on 64 bit Vista, compiled with VS2005, candle ACVs.
Running it by hand with -v doesn't produce any additional information.
Candle is built without debug symbols.
On what platform did you build and package a 64 bit KfW?
Thanks.
The reason the file was called kfw-fixed.nsi was because the
file was intended to include only content that did not have
to be conditionally modified.
Perhaps some of the values that need to be adjusted can be
moved into an !include file that can be auto-generated at
build time.
Jeffrey Altman
operating system version would be Windows XP.
Feedback is welcome.
Jeffrey Altman
Secure Endpoints Inc.
smime.p7s
Description: S/MIME Cryptographic Signature
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
that the libraries
being
loaded are in fact the ones that the application developer built the
application
against.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu
Douglas E. Engert wrote:
Sounds like a good idea.
Are you leaning toward the single assembly or the multiple assemblies?
The proposal describes multiple merge modules. Assemblies are for
libraries. We
would have one shared side-by-side assembly for the core libraries and
one for the
libraries to prevent crashes when multiple
versions end up loaded within the same process which is a likely
scenario when side-by-side assemblies are used. Before assemblies can
be deployed answers to the open issues must be resolved.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic
implementations.
Jeffrey Altman
On 5/12/2010 6:07 AM, enrico versino wrote:
Hi all.
Someone can tell me what means the kerberos library error
PADATA_TYPE_NO_SUPP? I sometimes obtain this message when a user tries to
authenticate himself in a Windows 2003 Domain using smart card
On 1/20/2011 11:27 AM, Nitin wrote:
i downloaded the latest version of KFW from the site. I still don't know
what executable implements the KDC functionatliy? There's no service that I
can think of?
The KDC is not part of KFW. KFW is client only.
signature.asc
Description: OpenPGP digital
This is a test of the reply via e-mail
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
Kevin Koch via RT wrote:
Patch to fix Refresh button behavior:
Index: mainwnd.c
===
--- mainwnd.c (revision 19739)
+++ mainwnd.c (working copy)
@@ -261,6 +261,7 @@
case KHUI_ACTION_VIEW_REFRESH:
. This would keep
the display clean and not get in the way of users that have already
learned what they need to do efficiently.
Jeffrey Altman
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
)
If MIT wants this behavior it can obtain it by building with the patch
and adding the necessary registry value to the MSI transform.
Jeffrey Altman
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
() to
read a DWORD value from the registry.
I would suggest using the value HideWatermarks DWORD in the key
CredWindow. MIT should set this value to non-zero to trigger the
hiding of the watermarks.
Be sure to update the appropriate schema (.csv file) when you add
registry parameters.
Jeffrey
should point out that
in the NIM 2.0 user interface proposal(*) we have already addressed this
concern as the selected identity is always visible to the user. In NIM
2.0, the title bar text is always static and as such can read Network
Identity Manager - Obtain New Credentials.
Jeffrey Altman
Kevin Koch via RT wrote:
Excellent. What are the chances of updating the online help and/or
UG, too?
Nil.
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
Christopher D. Clausen via RT wrote:
Hmm... would it be better to maintain a list of known bad versions?
I have no idea what the list of known bad versions would be.
Theorectically, you could say that the list of know good versions will
be the version of the preliminary hotfix and all
This problem needs to be fixed in Makefile.w32 and Makefile.w2k.
Otherwise the abstraction layer between Makefile.w32/w2k and Makefile is
broken. Makefile should not need to know what the definition of DESTDIR is.
The appropriate mkdir commands must go into the mkdirs:: section of
Kevin, any chance you aren't using cmd.exe? Perhaps one of the cygwin
shells? Is the mkdir that is being executed the cygwin mkdir.exe
instead of the cmd.exe mkdir?
___
kfwdev mailing list
kfwdev@mit.edu
[EMAIL PROTECTED] via RT wrote:
$ find /cygdrive/c/KfW/pismere/athena/auth/krb5/src/windows -exec grep
mkdirs {} /dev/null \; | grep -v \.log: | grep -v \.svn
identity/doc/Makefile:all: mkdirs docs
identity/help/Makefile:all: mkdirs $(CHMFILE) $(INCFILES)
identity/kconfig/Makefile:all:
Kevin Koch via RT wrote:
The VS2003 build environment still works. It is the VS2005
environment that doesn't. Also, mkdir a\b\c\d creates the entire path
when run from the VS2005 command window. I'll bet the difference is
in the environment perl sets up for sys. How can I investigate
Kevin Koch via RT wrote:
Maybe this should be renamed VS2003/VS2005 environment differences?
Here's another one: hcw doesn't exist in VS2005 so the leash help
doesn't build.
hcw.exe doesn't exist in either VS2003 or VS2005. Its an additional
tool that you installed from the HTML Help
=rd
as this will execute the shell version of the command in all cases.
Jeffrey Altman
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
the incorrect
network identity from the list of Network Identities?
1. Choose Options-Identities from the menu
2. Select the identity in the list
3. Press Remove Identity
Jeffrey Altman
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman
Jacob Morzinski via RT wrote:
The information that NIMv2 has no username field leaves me a bit
confused, but I'll hope for the best.
Regards,
-Jacob
See
http://www.secure-endpoints.com/netidmgr/proposal-nim-multiple-id-nc-ux.pdf
It includes mockups
Microsoft's ktpass.exe is used to construct keytabs with a single
principal. There is a strong need for ktutil.exe to exist on Windows in
order to merge keytab files without requiring that the keytabs be copied
to a UNIX system and back.
___
kfwdev
When built with VS2005, the installer must install the matching
redistributables. This is done using the provided redistributable
installer for release builds. For debug builds we must build our own
redistributable installer.
See what was implemented for OpenAFS.
The NSIS installer currently cannot handle installations on 64-bit
Windows. The NSIS installer process is itself 32-bit and therefore the
scripts must be modified to refer to the 64-bit registry and
non-shadowed file paths while performing the install.
for the 64-bit and 32-bit KFW packages are different
so they really should not be affected one another.
AMD64:
?define UpgradeCode=6DA9CD86-6028-4852-8C94-452CAC229244?
X86:
?define UpgradeCode=61211594-AAA1-4A98-A299-757326763CC7?
Jeffrey Altman
Secure Endpoints Inc
Are you absolutely sure that you did not have the 32-bit NSIS installation?
That will be removed by the 64-bit KFW MSI.
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
[EMAIL PROTECTED] via RT wrote:
When you install each of theses, each asks:
Autostart the Network Identity Manager each time you login to Window
That's what I meant by a common service. I assumed this was a Windows
service (and am not sure if it's supplied with the Kerberos install
or
ccdefault.c:
krb5_cc_default_name() is permitted to return a NULL
pointer as a valid output. Passing a NULL pointer to
strcmp() will result in an exception as NULL is not
a valid input parameter to strcmp().
Save the output of krb5_cc_default_name() to a variable
and modify the conditional to
Checking in loadfuncs-krb5.h;
/cvs/pismere/pismere/athena/util/loadfuncs/loadfuncs-krb5.h,v --
loadfuncs-krb5.h
new revision: 1.14; previous revision: 1.13
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
This patch modifies the NIM Kerberos v5 plug-in to use the
krb5_get_error_message() function to look up the error string
if the call to krb5_get_init_creds_password() fails. If the call
to krb5_get_error_message() fails, the caller will failover to
the previous method of looking up a
Christina:
You did not describe which version of KFW you installed. Would you?
Jeffrey Altman
Secure Endpoints Inc.
___
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
credentials via the MSLSA: which
are being imported into Leash32
3. you do not have a %windir%\krb5.ini file containing the realm
information for your Active Directory domain
Therefore, the mit krb5 libraries are unable to contact the Active
Directory KDC to renew the imported TGT.
Jeffrey
The leashw32.dll is filled with calls to MessageBox(). The assumption
was that if an error occurred within the krb5 library that it should be
displayed to the end user. The problem is that KFW is no used only for
interactive applications and even when it is the generation of
MessageBoxes from
ma...@ntp.isc.org via RT wrote:
Jeffrey Altman via RT wrote:
The leashw32.dll is filled with calls to MessageBox(). The assumption
was that if an error occurred within the krb5 library that it should be
displayed to the end user. The problem is that KFW is no used only for
interactive
The following exception has been reported to the Windows Crash Reporting
service multiple times.
kernel32!RaiseException+0x58 (FPO: [4,20,0])
afsprocmgmt!DefaultActionHandler(int signo = 11)+0x46 (FPO: [Non-Fpo])
(CONV: cdecl)
[c:\src\openafs\openafs-1-5-branch\src\procmgmt\procmgmt_nt.c @ 175]
On 12/9/2010 11:06 AM, David R Boldt via RT wrote:
We have been able to build a 32-bit wshelper DLL that contains a larger
buffer. In testing, this fixes the problem in the production AD and test
environments.
Increasing the buffer size does not fix the problem. It avoids
running beyond
Thank you for the submission of the updated res_query.c. A diff or
patch would have been easier to read.
The submitted change ensures that the 'answer' buffer allocated on the
stack within do_res_search() is not written beyond its length but it
does so by breaking the semantics of
Kevin Koch via RT wrote:
Does the fact that additional krbcc32s servers are created mean that
the elevated process's logon session is different from the user's logon
session?
Yes.
___
kfwdev mailing list
kfwdev@mit.edu
64 matches
Mail list logo