Re: A problem with authentication

2007-03-18 Thread Love Hörnquist Åstrand
Server not found in database: afs/[EMAIL PROTECTED]: No such entry in the database Just ignore this error, it's kinit/pam modules trying to do afslog and tries different names for the service. You might have a [EMAIL PROTECTED] if cellname and realmname only differ in casing. and

Re: renewing a forwardable ticket

2007-03-18 Thread Love Hörnquist Åstrand
On 19 Mar 2007, at 01.20, Jukka Salmi wrote: Is this a bug or a feature? I would have expected a forwardable ticket to be still forwardable after being renewed, by default... Can you try heimdal 0.8 snapshot and see if that has the same behavior, I think I fixed a bug like this some time ago.

Re: database corruption

2007-02-21 Thread Love Hörnquist Åstrand
We have had the ipropd-master process die with the following error: Assertion failed: tmp == *len, file log.c, line 748 The only work around I could come up with was to move the slave databases out of the way and copy the database/log file from the master. This allowed replication to

Re: memory leak in krb5_rd_cred

2007-02-21 Thread Love Hörnquist Åstrand
On 21 Feb 2007, at 14.31, Henry B. Hotz wrote: Been using the above mentioned fix, so not sure how much I care, but it might come back to haunt me. So if I parse this correctly, there are no longer any memory leaks? Love

Re: database corruption

2007-02-21 Thread Love Hörnquist Åstrand
On 22 Feb 2007, at 12.52, Eric Sturdivant wrote: Sorry about the delay, on vacation. So the log file seems to be corrupted in the end, did your disk fill up at some point? Nope, we still have ~18gb free on that partition. Since the iprop log contains key information I don't want to ask for

Re: AFS and keytab

2007-02-12 Thread Love Hörnquist Åstrand
On 13 Feb 2007, at 06.58, Andrew Bacchi wrote: I'm not certain if this question belongs here or in the AFS list. Probably more of an AFS issue. I think you are missing a pts entry for this principal. I don't remember the kerberos 4 mapping to AFS mapping in AFS off my head, you need to check that

Re: Keytab MEMORY in error message

2007-02-08 Thread Love Hörnquist Åstrand
Perhaps lib/krb5/keytab.c:krb5_kt_get_entry around line 372 should have: 371 krb5_kt_get_name (context, id, kt_name, sizeof(kt_name)); 372 krb5_enctype_to_string(context, enctype, enctype_str); if (kt_name[0] == '\0') strcpy(kt_name, MEMORY); 373 374

Re: Does this happen in the new mechglue too?

2007-02-08 Thread Love Hörnquist Åstrand
The issue was that trying to acquire a credential could result in a redundant AS-REQ. It turned out to be lib/mechglue/g_acquire_cred.c:gss_acquire_cred was looping over all mechanisms. The problem was that with SPNEGO it did KRB5 twice, once for KRB5 mech and once through SPNEGO mech calling

Re: Detect when KRB5CCNAME changes for certain server scenarios

2007-02-08 Thread Love Hörnquist Åstrand
On 8 Feb 2007, at 16.14, Michael B Allen wrote: Please consider the below patch. This will cause krb5_cc_set_default_name to be called if KRB5CCNAME changes at all. It assumes getenv returns the same address but if it does not the code is at least correct. Shouldn't all inputs that change the

Re: Keytab MEMORY in error message

2007-02-08 Thread Love Hörnquist Åstrand
On 8 Feb 2007, at 15.49, Michael B Allen wrote: Also, I would like to mention a very very minor issue related to the message above. If lib/krb5/get_in_tkt.c:init_as_req is called with krb5_kt_get_entry as key_proc and it does not find the desired key, the enctype listed in the error message will

Re: gsskrb5_accept_delegated_token leaks a ccache

2007-02-07 Thread Love Hörnquist Åstrand
Doesn't the ccache = NULL in gsskrb5_accept_delegated_token prevent id from being closed? 180 (*delegated_cred_handle)->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; 181 ccache = NULL; ^^ 182 } 183 184 out: 185 if (ccache) { 186 if

Re: password changes

2007-02-07 Thread Love Hörnquist Åstrand
Hello, I am using heimdal 0.7.2 with Openldap 2.3.32 backend. When I change passwords using MIT kpasswd from a RedHat 40 U4 server, the password changes however I don't see through kadmin? The password changed doesn't exist in released heimdal, 0.8 will have support for it. The kadmin

heimdal 0.8-rc7

2007-02-03 Thread Love Hörnquist Åstrand
Hello I just cooked the heimdal 0.8-rc8 tar ball and Mac Universal Binary package, they are available here: ftp://ftp.pdc.kth.se/pub/heimdal/src/snapshots/heimdal-0.8-rc7.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/snapshots/heimdal-0.8-rc7.dmg Again, if you want binary packages generated for

Re: heimdal snapshot on debian (etch) segfaults when using LDAP backend.

2007-02-01 Thread Love Hörnquist Åstrand
On 1 Feb 2007, at 06.37, Mustafa A. Hashmi wrote: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1214949696 (LWP 26400)] LDAP__connect (context=0x8057030, db=0x80580c8) at hdb-ldap.c:1418 1418 if (HDB2LDAP(db)) { (gdb) bt How about this patch?

Re: PKinit

2007-01-31 Thread Love Hörnquist Åstrand
On 31 Jan 2007, at 16.34, Mustafa A. Hashmi wrote: Hi all, A very simple pkinit setup just to test things up and running on debian etch. When I get a kerberos ticket via kinit -C FILE:user.crt,user.key, the following is logged in kdc.log: I assume your pem file is password protected? What

Re: rc4 make check hang

2007-01-30 Thread Love Hörnquist Åstrand
stepi hangs. Does not return to the debugger prompt. ^C bt Shows the same stack (as expected). Can you get trace from the kernel for that process ? Love

Re: Microsoft Cross Reference for PKINIT PKI Certs

2007-01-29 Thread Love Hörnquist Åstrand
On 26 Jan 2007, at 20.18, Henry B. Hotz wrote: The Microsoft KB article referenced on the Heimdal PKINIT web page, 313274, seems to no longer be available. Is this one the correct replacement? http://support.microsoft.com/default.aspx?scid=kb;en-us;Q281245 No, it's not, 313274 was a wrapper

Re: rc4 make check hang

2007-01-29 Thread Love Hörnquist Åstrand
== All 1 tests passed == Making check in ftpd make check-local hang This is strange since check-local only checks that the command supports --version. Are you sure that the right process that is hanging ? Love

Re: heimdal 0.8-rc3

2007-01-16 Thread Love Hörnquist Åstrand
Love Hörnquist Åstrand wrote: On 15 Jan 2007, at 23.24, Douglas E. Engert wrote: The code was not checking if this was the case and always using the skey and thus would fail to decrypt PAC_SERVER_CHECKSUM. This is fixed by post 0.8-rc3, I got the same bug report from Andrew Bartlett. Are you sure

Re: heimdal 0.8-rc3

2007-01-15 Thread Love Hörnquist Åstrand
On 15 Jan 2007, at 23.24, Douglas E. Engert wrote: The code was not checking if this was the case and always using the skey and thus would fail to decrypt PAC_SERVER_CHECKSUM. This is fixed by post 0.8-rc3, I got the same bug report from Andrew Bartlett. Are you sure this is correct you

Re: pkcs12

2007-01-11 Thread Love Hörnquist Åstrand
On 11 Jan 2007, at 17.45, Alberto Fondi wrote: Yes the output for my certificate is Do you have any explaining error message in the kdc log, or is it just a client side failure (i.e. it looks like it's ok in the KDC log)? Love

Re: heimdal 0.8-rc3

2007-01-09 Thread Love Hörnquist Åstrand
/heimdal-0.8-rc3/tests/ plugin' gmake[1]: *** [check-recursive] Error 1 gmake[1]: Leaving directory `/export/heimdal/heimdal-0.8-rc3/tests' gmake: *** [check-recursive] Error 1 [EMAIL PROTECTED] heimdal-0.8-rc3]# Love Hörnquist Åstrand wrote: Hello I've just created a heimdal 0.8-rc3 snapshot

Re: heimdal 0.8-rc3

2007-01-09 Thread Love Hörnquist Åstrand
On 9 Jan 2007, at 20.27, Douglas E. Engert wrote: Removing the if and abort lines, so the modules and exponent can both be missing, allows it to work as the auth cert is present. Updated the comment and remove the abort(). Thanks! Love

Re: PAC failures in current heimdal

2007-01-08 Thread Love Hörnquist Åstrand
I'm having trouble with the PAC test in Heimdal. It looks to me like we hit a host-dependent bug, as some hosts fail the test: Yes, (at least some) Linux-is and solaris needs RTLD_LAZY. Fixed the tree, thanks. Love

Re: The errors during the execution of make command

2006-12-15 Thread Love Hörnquist Åstrand
On 15 Dec 2006, at 18.25, Alberto Fondi wrote: These are the errors the make command gives me when I execute it. The snapshot is the last published vis.c:346:52: macro strsvisx passed 5 arguments, but takes just 4 vis.c: In function `rk_strvisx': try

Re: Should kadmin ask for password

2006-12-06 Thread Love Hörnquist Åstrand
On 6 Dec 2006, at 23.39, Hai Zaar wrote: since I do not have kadmin/admin credential in cache. it will ask you for your password since the principal in the credential cache doesn't match what it thinks is the default (your principal with /admin added). If you specify the principal with -p it

Re: krb5-config --libs gssapi prints out -pthread - why makes this my build fail?

2006-12-05 Thread Love Hörnquist Åstrand
to the linker, but during linking (Linux x86)) ld fails with /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.5-20050130/../../../../ i686-pc-linux-gnu/bin/ld: unrecognized option '-pthreads' I think, you should replace -pthread by -lpthread. Don't ask me how this came into your krb5-config.

Re: testing pkinit with gssmaestro/gssmask

2006-12-05 Thread Love Hörnquist Åstrand
On 4 Dec 2006, at 23.36, Olga Kornievskaia wrote: Hi, I have a couple of questions: have you ever tested pkinit code with gssmonger/gssmaestro/gssmask? The reason I ask is that I don't see any way to actually pass in pkinit options to the code. kinit would usually call

Re: 4.23.2 Using Kerberos database

2006-12-01 Thread Love Hörnquist Åstrand
On 28 Nov 2006, at 01.23, Henry B. Hotz wrote: That's a section of http://www.pdc.kth.se/heimdal/heimdal.html that isn't filled out. I would assume that it's intended to describe how to put the PKI cert name -- Kerberos Principal mapping into the database itself instead of in the cert's.

Re: Is there no gss_nt_service_name in Heimdal Kerberos

2006-11-17 Thread Love Hörnquist Åstrand
On 17 Nov 2006, at 15.47, Harald Barth wrote: Is gss_nt_service_name declared in Heimdal Kerberos? Heimdal uses GSS_C_NT_HOSTBASED_SERVICE as it's defined in rfc2744. If not, what can I use to replace it? Yes, that would be nice to know. I may be stuck at the same spot trying to compile

Re: config option inconsistencies

2006-11-16 Thread Love Hörnquist Åstrand
On 16 Nov 2006, at 16.31, Kevin Coffman wrote: There are currently inconsistencies in the use of underscores and hyphens in the Heimdal (pkinit/pki) config parameters. I think there are also inconsistencies with pki- vs. pkinit- in some cases? Is it too late, too painful, to make these consistent

Re: About one unknown padata type 129

2006-11-15 Thread Love Hörnquist Åstrand
On 16 Nov 2006, at 06.10, Ralph wrote: What's the meaning of 'not compatible'? Do you mean Heimdal already knows the structure of this piece of data (padata 129)? Or, does Heimdal use another approach to provide Constrained Delegation and Protocol Transition? There is a different wire format

Re: MacOSX: /Library/Preferences/edu.mit.Kerberos /etc/krb5.conf

2006-11-09 Thread Love Hörnquist Åstrand
I can't find any documentation about how /Library/Preferences/edu.mit.Kerberos, /etc/krb5.conf are read by libkrb and in what preference order conflicting entries are resolved. My ktrace output indicates that they are read both. Version is a snapshot from last month.

Re: Problem installing pkinit

2006-11-03 Thread Love Hörnquist Åstrand
On 25 Oct 2006, at 14.26, Athanasios Moralis wrote: and I found that if I put pkinit_require_eku=false I have a successful logging. :-) Setting win2k_pkinit_require_binding = yes did not affect the result. This is something that I should really look into it. Perhaps my certificate does not