Here is a way I've been using:

/usr/krb5/sbin/ktutil <<EOF
rkt $DIR/keytabs/$HOST.keytab
wkt /etc/krb5/krb5.keytab
list
exit
EOF

Ubaid Rahman
Senior AIX Administrator
SCS C&ES Infrastructure
Admin 1 # 146E
Ph # *.703.2817 (internal) or 919.483.2817 (external)
      # 919.314.7177 (cell)   
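
An added example, not part of the original message or of any Kerberos distribution: the rkt/wkt heredoc approach above, wrapped so that the merged keytab is written with a restrictive umask and only moved into place if ktutil actually produced a file. It serves both the reply above and the scripting question in Message 2 below, since it uses only rkt/wkt and no password has to be fed on stdin. The function name merge_keytab and the KTUTIL override variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: scripted keytab merge using only ktutil's rkt/wkt commands.
# KTUTIL defaults to the path used in the post; override it for other installs.
KTUTIL="${KTUTIL:-/usr/krb5/sbin/ktutil}"

# merge_keytab SRC DST (hypothetical helper): load DST (if present) and SRC
# into ktutil's key list, write the result to a fresh file, move it over DST.
# The body is a subshell, so the umask change and variables stay local.
merge_keytab() (
    src=$1
    dst=$2
    if [ ! -s "$src" ]; then
        echo "merge_keytab: missing or empty source keytab: $src" >&2
        exit 2
    fi
    # Commands are fed as whitespace-separated lines, so reject paths
    # that would be split into several arguments.
    case "$src$dst" in
        *[[:space:]]*) echo "merge_keytab: whitespace in path" >&2; exit 2 ;;
    esac

    umask 077   # keytabs hold long-term keys: never group/world readable
    tmpdir=$(mktemp -d "$(dirname "$dst")/.ktmerge.XXXXXX") || exit 1
    new="$tmpdir/new.keytab"

    {
        if [ -s "$dst" ]; then echo "rkt $dst"; fi
        echo "rkt $src"
        echo "wkt $new"
        echo "list"
        echo "exit"
    } | "$KTUTIL" || echo "merge_keytab: ktutil exited non-zero" >&2

    # Check the written file rather than trusting the exit status alone.
    if [ -s "$new" ] && chmod 600 "$new" && mv -f "$new" "$dst"; then
        rc=0
    else
        echo "merge_keytab: no keytab written, $dst left unchanged" >&2
        rc=1
    fi
    rm -rf "$tmpdir"
    exit "$rc"
)

# Stand-alone use: merge_keytab.sh SRC DST
if [ "$#" -eq 2 ]; then merge_keytab "$1" "$2"; fi
```

Because the temporary directory sits next to the destination, the final mv is a rename on the same filesystem, so readers of the keytab never see a half-written file.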

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of 
[email protected]
Sent: Thursday, May 19, 2011 12:03 PM
To: [email protected]
Subject: Kerberos Digest, Vol 101, Issue 14

Send Kerberos mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        https://mailman.mit.edu/mailman/listinfo/kerberos
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Kerberos digest..."


Today's Topics:

   1. Re: BUG Report :  'krb5.ini' not found on Windows. (Weijun Wang)
   2. How to write script for ktutil (Carfield Yim)
   3. How to buil Kerberos for windows (Dao, Khanh (IS))
   4. Instant Messaging client-server solution? (Jaap Winius)
   5. Re: Instant Messaging client-server solution? (Russ Allbery)
   6. Re: Instant Messaging client-server solution? (Dax Kelson)


----------------------------------------------------------------------

Message: 1
Date: Wed, 18 May 2011 11:49:05 +0800
From: Weijun Wang <[email protected]>
Subject: Re: BUG Report :  'krb5.ini' not found on Windows.
To: [email protected]
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8; format=flowed



On 05/18/2011 02:43 AM, Jeffrey Altman wrote:
> Application specific configuration files do not belong in \WINDOWS.
> The correct place for krb5.ini is \ProgramData\Kerberos\krb5.ini which
> requires that the environment variable KRB5_CONFIG be set to refer to
> that file.
>
> I do not know whether or not Java will pay attention to the environment
> variable.

We are not reading this environment variable, will consider adding it.

So, the logic will be

1. If java system property java.security.krb5.conf set, use it
2. If KRB5_CONFIG set, use it
3. If $JRE/lib/security/krb5.conf exists, use it
4. If Windows:
    a) If there is krb5.ini in GetWindowsDirectory, use it
    b) If there is krb5.ini in GetSystemWindowsDirectory, use it
    c) Use USERDNSDOMAIN and LOGONSERVER environment variables
5. If *nix:
    a) If Solaris, try /etc/krb5/krb5.conf
    b) Otherwise, try /etc/krb5.conf
    c) Use DNS

Thanks
Weijun

>
> Jeffrey Altman
>
>
> On 5/17/2011 6:53 AM, Onkesh Bansal wrote:
>> Hello,
>>
>>
>>
>> Configuration:
>>
>> Windows 2008 R2 (Service Pack 1) workstation.
>>
>>
>>
>> I am having this problem on my machine and am not able to figure out
>> what is the root cause.
>>
>> The scenario seems with Terminal Services installed on the system and
>> when the authentication has to be done via the LDAP over the local
>> network.
>>
>>
>> This BUG has been logged with ORACLE-JAVA at
>> http://bugs.sun.com/view_bug.do?bug_id=6793475 and they have already
>> provided with a work around.
>>
>> My Query is:
>>
>> 1. What is the reason behind this bug? I need to know the root
>> cause for this.
>>
>> 2. What should be my steps (apart from the workaround provided
>> with the bug resolution) so as to prevent any future re-occurrences?
>> i.e. I need a fix.
>>
>> 3.       Can it be related to the version changes of Kerberos or is it
>> because of Windows 2008?
>>
>>
>>
>> Thanks & Regards,
>>
>> Onkesh Bansal
>>
>> Engineer-1 QA,
>>
>> Quark Media House (P) Ltd.
>>
>> [email protected]
>>


------------------------------

Message: 2
Date: Wed, 18 May 2011 02:44:03 -0700 (PDT)
From: Carfield Yim <[email protected]>
Subject: How to write script for ktutil
To: [email protected]
Message-ID:
        <75285564-eee9-4a0d-be1b-9220682ce...@d19g2000prh.googlegroups.com>
Content-Type: text/plain; charset=ISO-8859-1

We need to automatically generate a Kerberos keytab at a Solaris machine
on Windows Active Directory. The tool ktutil lets us do that
manually on Solaris. However, it looks like there is no way to put the
ktutil commands in a script. I tried to put all the commands, as well as
the passwords, in the file "input.txt" and ran

cat input.txt | ktutil

However, ktutil complains: "addent: Cannot read password
while adding new entry"

Is there any way I can put that in a script? From some web searching, there
is a Perl module, Authen-Krb5-Admin, for this task, but there is not much
documentation for it. Does anyone have a good pointer about that?
Or can I simply do that using a shell script?


------------------------------

Message: 3
Date: Wed, 18 May 2011 19:43:17 +0000
From: "Dao, Khanh (IS)" <[email protected]>
Subject: How to buil Kerberos for windows
To: "[email protected]" <[email protected]>
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset="us-ascii"


Hi,
I am seeking info on how to build the latest Kerberos 5 Release 1.9.1 for Windows.
Following the instructions, I got:

C:\Program Files\Microsoft SDKs\Windows\v6.1\include\ntstatus.h(11618) : warning
C4005: 'STATUS_SXS_INVALID_DEACTIVATION' : macro redefinition
C:\Program Files\Microsoft SDKs\Windows\v6.1\include\winnt.h(1857) : see
previous definition of 'STATUS_SXS_INVALID_DEACTIVATION'
        ..\..\..\config\rm.bat ..\obj\i386\dbg\ccache.lst
        ..\..\..\util\windows\obj\i386\dbg\libecho -p ccache\ obj\i386\dbg\*.obj
  ccapi\obj\i386\dbg\*.obj > ..\obj\i386\dbg\ccache.lst
NMAKE : fatal error U1077: 'for' : return code '0x15a3e8'
Stop.
NMAKE : fatal error U1077: 'for' : return code '0x1'
Stop.
NMAKE : fatal error U1077: 'for' : return code '0x1'
Stop.
NMAKE : fatal error U1077: 'for' : return code '0x1'
Stop.


Is there any installer for Windows for latest Kerberos 5 Release 1.9.1 ?

Thanks
Khanh Dao
Software Engineer
Northrop Grumman Information Systems, Inc.
Defense Mission Systems Division
Airbone & Maritime System (AMS)
9326 Spectrum Center Blvd., Mail Stop CA222/1138
San Diego, CA 92123
858-514-9177
Fax: 858-514-9010



------------------------------

Message: 4
Date: Wed, 18 May 2011 02:29:32 +0200
From: Jaap Winius <[email protected]>
Subject: Instant Messaging client-server solution?
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed"

Hi folks,

Can anyone recommend an Instant Messaging solution, client and
server, that plays nice with Kerberos 5?

The group of people I would be setting it up for all recently switched  
from using Windows XP workstations to Debian squeeze with Xfce.  
They're still getting used to the environment, so I don't want to  
offend their sensibilities too much with an IM client that is too  
minimal. They currently would prefer to use Pidgin, but are still  
flexible.

Their network consists of three geographically separate locations,  
each with its own Debian squeeze server that includes an iptables  
firewall and NAT, as well as IPv6 (and another firewall for that). The  
three servers communicate with each other via the Internet, but always  
through the firewalls (and NATs for IPv4). Zephyr may be a solution,  
but I'm not sure it would work with the NATs.

Thanks,

Jaap


------------------------------

Message: 5
Date: Wed, 18 May 2011 13:21:56 -0700
From: Russ Allbery <[email protected]>
Subject: Re: Instant Messaging client-server solution?
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii

Jaap Winius <[email protected]> writes:

> Can anyone recommend an Instant Messaging solution, client and
> server, that plays nice with Kerberos 5?

For client, Pidgin works well with GSS-API and is cross-platform.  For
server, we ended up using OpenFire, but I know there are others out there
that can also do GSS-API.

OpenFire has the drawback that it's written in Java and uses a completely
bizarre configuration mechanism that we had a lot of trouble with.  You
also have to fiddle with it a bit to get GSS-API to work properly.  It
wasn't an entirely obvious deployment, unfortunately.

-- 
Russ Allbery ([email protected])             <http://www.eyrie.org/~eagle/>


------------------------------

Message: 6
Date: Wed, 18 May 2011 14:40:24 -0600
From: Dax Kelson <[email protected]>
Subject: Re: Instant Messaging client-server solution?
To: Jaap Winius <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"

On Wed, 2011-05-18 at 02:29 +0200, Jaap Winius wrote:
> Hi folks,
> 
> Can anyone recommend an Instant Messaging solution, client and
> server, that plays nice with Kerberos 5?

We used Pidgin and OpenFire in our office. Works well. Was pretty
straightforward to configure.

Dax Kelson
Guru Labs



------------------------------



End of Kerberos Digest, Vol 101, Issue 14
*****************************************


