Question About Kerberos
Hi I am new to Kerberos. Recently, I have installed a Kerberos5 version 1.2.4 on a RedHat 7.2 server with a realm name UNIVERSAL.COM. In the same server, I also installed a SSH2 version 3.1.0 from SSH Communication. I compiled the SSH2 source code with --with-kerberos5. In addition, I also include the parameters AllowedAuthentication [EMAIL PROTECTED], [EMAIL PROTECTED] in the /etc/ssh2/sshd2_config. I have no problem to logon to the same machine using Kerberos authentication. To test a remote kerberize host, I have installed anonther machine with RedHat 6.2 and installed with a kerberized SSH2 version 3.1.0 with the same configuration for the /etc/ssh2/sshd2_config. However, the authentication does not work this round. (a) Can you indicate which portion is not configured correctly? (b) I was trying to installed OpenSSH but I can't find any article mention about configuring OpenSSH with Kerberos V. Where can I locate any document? (c) If I am not wrong, for each kerberize host, and allow a kerberos user to logon to this host, I need to add a same user account name in the kerberize host /etc/passwd but without password. Is it suppose to be? Thank you very much for answering my question. Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
[ANNOUNCE] Authen::Krb5::KDB 0.05 released
Version 0.05 of the module Authen::Krb5::KDB has been released to CPAN. This is an alpha release so all suggestions are welcome. The README document is attached below. Please note that the name has changed from previous versions from Krb5::KDB to Authen::Krb5::KDB. This was done to (1) not create a new top-level within the CPAN archive, and (2) to be consistant with already existing Authen::Krb5:: modules. You can install this either by using the the CPAN shell: perl -MCPAN -e 'install(Authen::Krb5::KDB)' or by using your web browser and pointing it to the CPAN search engine: http://search.cpan.org/search?module=Authen::Krb5::KDB --- README --- Authen::Krb5::KDB is a set of perl modules to read and parse Kerberos V5 dump files. Currently it supports Version 3, 4 and 5 dump files. This is an alpha release of this module so the interface could change. If you have any suggestions, problems, or comments please email me at the address below. You install the library by running these commands: perl Makefile.PL make make test make install The module KDB_H.pm is generated via the script gen_kdb_h.plx but since it requires the Kerberos sources to be available it's not run automatically from the Makefile. The module in this distribution is build from Kerberos Version 1.2.4 and should work on any older versions. If you want to rebuild the KDB_H.pm module, run the following command with the appropriate path to your Kerberos sources: perl gen_kdb_h.plx /my/sources/krb5-1.2.4/src The following modules are required: Carp POSIX Please report any bugs/suggestions to [EMAIL PROTECTED] Copyright (c) 2002 David K. Steiner. All rights reserved. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. -- Dave Steiner [EMAIL PROTECTED] Network Systems and Services, Telecommunications Division Rutgers University Computing Services, Rutgers University Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: -x not working with rlogin.
Sandeep Gopal Nijsure wrote: Hi all, I am running a klogind with the options -e5c. I am trying to run Kerberos version of rlogin to connect to it. If I use -x option with rlogin, then it does not work. Shows me the message Connection refused. I am running Debian Linux 3.0 with 2.4.6 kernel, and Kerberos 1.2.3. What could be the reason? In inetd.conf, which service/port are you using? Are you using the klogin service/port (543/tcp), or the eklogin service/port (2105/tcp)? I think rlogin -x expects to connect to the eklogin port, not the klogin port. So, even if you have the klogind set to use encryption, if it's running on the klogin port instead of the eklogin port, it might not work. But I could be wrong :-} Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: krb5.conf supporting Kerberos for Macintosh 4.0
Rich Johnson wrote: I'm trying to use Kerberos for Macintosh (4.0) client with a server from the debian distribution (krb*_1.2.4). Everything is used just out of the box except the .conf files. I can't get past a Auth expired message when I try to get tickets from Kerberos for Macinosh. I _think_ the problem lies with my krb5.conf, After prowling throught the code, I found that adding: v4_mode = full to krb5.conf's [libdefaults] section relieved the problem. I'm not sure if this is the right way to resolve the problem, but it does get me moving forward. --rich Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Want to Kerberize an app
Paul K Watje/AssetSltns/Systems/HSAS/MAXIMUS wrote: Hello, A client has asked us to Kerberize our product. I have looked through the FAQ's and Web sites and I understand what is going on. But I have been unable to find a guide, manual, or example on how to Kerberize the code for an application. If any one has any docs or is willing to share some code samples for Powerbuilder or Visual Basic, even C or C++, it would be greatly appreciated. Paul K. Watje Principled Analyst Asset Solutions, a division of MAXIMUS The krb5 disto from MIT includes two sample programs (sserver and sclient) which demonstrate how kerberos initiates, accepts and establishes a connection. Looking at this code should give you some ideas. --cory Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos