On Fri, Jan 4, 2013 at 6:52 PM, Sumit Bose sb...@redhat.com wrote:
About delegating credentials, you might need to set the ok_as_delegate
flag on the host/* service ticket. To do this you can call kadmin.local
on the IPA server and then use
modprinc +ok_as_delegate
On Mon, Jan 07, 2013 at 09:15:41AM +0100, Han Boetes wrote:
On Fri, Jan 4, 2013 at 6:52 PM, Sumit Bose sb...@redhat.com wrote:
About delegating credentials, you might need to set the ok_as_delegate
flag on the host/* service ticket. To do this you can call kadmin.local
on the IPA server
There was something going on with a firewall blocking something and that
windows host didn't have a cert yet. But still:
Using Kerberos authentication
Using principal fh@REALM
Got host ticket host/test-server-ipa.domain@REALM
Using username fh.
Successful Kerberos connection
Last login: Mon Jan
On Mon, Jan 07, 2013 at 09:56:42AM +0100, Han Boetes wrote:
There was something going on with a firewall blocking something and that
windows host didn't have a cert yet. But still:
Using Kerberos authentication
Using principal fh@REALM
Got host ticket host/test-server-ipa.domain@REALM
I just had a long and fruitfull debugging session with Sumit and this is
what we discovered.
The default settings do run fine for linux machines but for windows hosts
they do not suffice. Sumit is submitting bug reports and hopefully they
will be applied to the next 2.2.x release. This problem
On Mon, Jan 07, 2013 at 05:00:09PM +0100, Han Boetes wrote:
I just had a long and fruitfull debugging session with Sumit and this is
what we discovered.
Thank you for your patience and help to debug this issue.
The default settings do run fine for linux machines but for windows hosts
they
Han Boetes wrote:
I've set up windows with the instructions given over here:
http://freeipa.com/page/Windows_authentication_against_FreeIPA
And all seems to be working fine. After I run klist I see valid tickets:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.
You are absolutely right; the credentials aren't forwarded.
I have enabled the option allow gssapi credential delegation. So one
would expect that it should work.
I just installed the mit kerberos tools and I can see all the options and
forwarding tickets is allowed according to the interface.
On Fri, Jan 04, 2013 at 04:14:36PM +0100, Han Boetes wrote:
You are absolutely right; the credentials aren't forwarded.
I have enabled the option allow gssapi credential delegation. So one
would expect that it should work.
I just installed the mit kerberos tools and I can see all the
Your information about the quest putty version seems to be outdated. ;-)
Quest Softare no longer maintains recent releases of PuTTY. To obtain the
latest stable release of PuTTY please goto PuTTY Download Page
* The functionality that was provided by Quest Software's PuTTY packages
have now been
On 01/04/13 06:56, Han Boetes wrote:
Your information about the quest putty version seems to be outdated. ;-)
Quest Softare no longer maintains recent releases of PuTTY. To obtain
the latest stable release of PuTTY please goto PuTTY Download Page
* The functionality that was provided by
On Fri, Jan 04, 2013 at 04:56:18PM +0100, Han Boetes wrote:
Your information about the quest putty version seems to be outdated. ;-)
Quest Softare no longer maintains recent releases of PuTTY. To obtain the
latest stable release of PuTTY please goto PuTTY Download Page
* The functionality
12 matches
Mail list logo