Re: kadmin cpw does not complain about mismatching passwords

Cheers, Andreas -- | Andreas Haupt| E-Mail: andreas.ha...@desy.de | DESY Zeuthen| WWW:http://www-zeuthen.desy.de/~ahaupt | Platanenallee 6 | Phone: +49/33762/7-7359 | D-15738 Zeuthen | Fax:+49/33762/7-7216 smime.p7s Description: S/MIME cryptographic signature

Re: renewable in krb5.conf

renew_lifetime = 30d in krb5.conf and tickets are renewable for 30 days by default here. Doesn't that work for you? Cheers, Andreas -- | Andreas Haupt| E-Mail: andreas.ha...@desy.de | DESY Zeuthen| WWW:http://www-zeuthen.desy.de/~ahaupt | Platanenallee 6

Re: Segfaults after receiving invalid AS-REQ

Hi Sergio, On Wed, 2017-08-30 at 10:38 +0200, Sergio Gelato wrote: > * Andreas Haupt [2017-08-30 09:01:08 +0200]: > > > > we are running KDCs on Heimdal version 7.4. Since the update to version > > 7.x > > a few weeks ago we observe KDC segfaults after receiving invali

Segfaults after receiving invalid AS-REQ

worker process started: 29859 Cheers, Andreas -- | Andreas Haupt| E-Mail: andreas.ha...@desy.de | DESY Zeuthen| WWW:http://www-zeuthen.desy.de/~ahaupt | Platanenallee 6 | Phone: +49/33762/7-7359 | D-15738 Zeuthen | Fax:+49/33762/7-7216

Re: Weird cross-realm behaviour after upgrade to Heimdal 7.3

> > if ret is 0, so the KDC sends no reply. > That looks plausible, does the below look like the right fix to you? Yes! Already had a similar patch ready and this indeed cures the KDC's response behaviour to the client! Cheers, Andreas --  | Andreas Haupt| E-Mail: andr

Re: Weird cross-realm behaviour after upgrade to Heimdal 7.3

] Jul 11 16:06:55 chip-vm8 kdc[17992]: Searching referral for lxplus010.cern.ch Jul 11 16:06:55 chip-vm8 kdc[17992]: Server not found in database: krbtgt/cern...@ifh.de: Success --- Opened bug report: https://github.com/heimdal/heimdal/issues/299 Cheers, Andreas -- | Andreas Haupt| E

Re: Weird cross-realm behaviour after upgrade to Heimdal 7.3

Hi Jeffrey, On Mon, 2017-07-10 at 07:23 -0400, Jeffrey Altman wrote: > On 7/10/2017 4:49 AM, Andreas Haupt wrote: > > On Fri, 2017-07-07 at 15:01 -0400, Jeffrey Altman wrote: > > > > > > On 7/4/2017 3:05 AM, Andreas Haupt wrote: > > > I would like to see mo

Re: Weird cross-realm behaviour after upgrade to Heimdal 7.3

Hi Jeffrey, On Fri, 2017-07-07 at 15:01 -0400, Jeffrey Altman wrote: > On 7/4/2017 3:05 AM, Andreas Haupt wrote: > I would like to see more of the log entries that follow as well as a > packet capture.  There is not enough detail here to say what is going on. Do you mean a tcpdump c

Weird cross-realm behaviour after upgrade to Heimdal 7.3

on ports 88 and 750 here). Of course, it causes long timeouts before the ssh client gives up and asks for a password. Any idea to restore the old "Heimdal-1.2-style" behaviour? Is this considered a bug or misconfiguration? Thanks, Andreas -- | Andreas Haupt| E-Mail: andr

Re: Heimdal 7.3: ext_keytab fails with "Operation requires `get-keys' privilege"

[kdc1] /root # cat /var/heimdal/kadmind.acl /admin@ cpw,list,delete,modify,add,get,get-keys So, this behaviour change is everything but nice, nevertheless it still works ... Cheers, Andreas On Mon, 2017-06-26 at 11:18 +0200, Andreas Haupt wrote: > Dear all, > > Heimdal 7.3 seems

Heimdal 7.3: ext_keytab fails with "Operation requires `get-keys' privilege"

known issue? Any idea for a workaround? Thanks, Andreas -- | Andreas Haupt| E-Mail: andreas.ha...@desy.de | DESY Zeuthen| WWW:http://www-zeuthen.desy.de/~ahaupt | Platanenallee 6 | Phone: +49/33762/7-7359 | D-15738 Zeuthen | Fax:+49/33762/7-7216 s