On Mon, Jan 07, 2013 at 05:00:09PM +0100, Han Boetes wrote:
> I just had a long and fruitfull debugging session with Sumit and this is
> what we discovered.
Thank you for your patience and help to debug this issue.
>
> The default settings do run fine for linux machines but for windows hosts
> t
I just had a long and fruitfull debugging session with Sumit and this is
what we discovered.
The default settings do run fine for linux machines but for windows hosts
they do not suffice. Sumit is submitting bug reports and hopefully they
will be applied to the next 2.2.x release. This problem doe
On Mon, Jan 07, 2013 at 09:56:42AM +0100, Han Boetes wrote:
> There was something going on with a firewall blocking something and that
> windows host didn't have a cert yet. But still:
>
> Using Kerberos authentication
> Using principal fh@REALM
> Got host ticket host/test-server-ipa.domain@REALM
There was something going on with a firewall blocking something and that
windows host didn't have a cert yet. But still:
Using Kerberos authentication
Using principal fh@REALM
Got host ticket host/test-server-ipa.domain@REALM
Using username "fh".
Successful Kerberos connection
Last login: Mon Jan
On Mon, Jan 07, 2013 at 09:15:41AM +0100, Han Boetes wrote:
> On Fri, Jan 4, 2013 at 6:52 PM, Sumit Bose wrote:
>
> > About delegating credentials, you might need to set the ok_as_delegate
> > flag on the host/* service ticket. To do this you can call kadmin.local
> > on the IPA server and then u
On Fri, Jan 4, 2013 at 6:52 PM, Sumit Bose wrote:
> About delegating credentials, you might need to set the ok_as_delegate
> flag on the host/* service ticket. To do this you can call kadmin.local
> on the IPA server and then use
>
> modprinc +ok_as_delegate host/test-server-ipa.realm@REALM
>
> t
On Fri, Jan 04, 2013 at 04:56:18PM +0100, Han Boetes wrote:
> Your information about the quest putty version seems to be outdated. ;-)
>
> Quest Softare no longer maintains recent releases of PuTTY. To obtain the
> latest stable release of PuTTY please goto PuTTY Download Page
> * The functionalit
On 01/04/13 06:56, Han Boetes wrote:
> Your information about the quest putty version seems to be outdated. ;-)
>
> Quest Softare no longer maintains recent releases of PuTTY. To obtain
> the latest stable release of PuTTY please goto PuTTY Download Page
> * The functionality that was provided by
Your information about the quest putty version seems to be outdated. ;-)
Quest Softare no longer maintains recent releases of PuTTY. To obtain the
latest stable release of PuTTY please goto PuTTY Download Page
* The functionality that was provided by Quest Software's PuTTY packages
have now been i
On Fri, Jan 04, 2013 at 04:14:36PM +0100, Han Boetes wrote:
> You are absolutely right; the credentials aren't forwarded.
>
> I have enabled the option "allow gssapi credential delegation". So one
> would expect that it should work.
>
> I just installed the mit kerberos tools and I can see all th
You are absolutely right; the credentials aren't forwarded.
I have enabled the option "allow gssapi credential delegation". So one
would expect that it should work.
I just installed the mit kerberos tools and I can see all the options and
forwarding tickets is allowed according to the interface.
Han Boetes wrote:
I've set up windows with the instructions given over here:
http://freeipa.com/page/Windows_authentication_against_FreeIPA
And all seems to be working fine. After I run klist I see valid tickets:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Al
I've set up windows with the instructions given over here:
http://freeipa.com/page/Windows_authentication_against_FreeIPA
And all seems to be working fine. After I run klist I see valid tickets:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalte
13 matches
Mail list logo