Hi,
I have a question on Kerberos Proxy and forward tickets.
Can a service holding a forwarded ticket get a proxy ticket for another
service or a user?
My understanding of Kerberos 15 days old and I need your comments on this.
This is will be considered as a solution for a service called
In the following code segment, pw1 and chpw_cred are never used. What gives? -Scott
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_password(context, creds, client, password, prompter, data,
start_time, in_tkt_service, options)
krb5_context context;
Now it works
For your information, the problem was that the KDC
was listening only on port 88 and not 750, so kinit and
kadmind was unable to communicate with it.
Apache authentication with mod_auth_kerb works fine.
I tried to authenticate my solaris8 box with the bundled
PAM_Kerb5 module, and
What objectClasses do you have defined for the user accounts? Make sure
that you have shadowAccount in there. Here's what I have:
objectClass=person
objectClass=organizationalPerson
objectClass=inetOrgPerson
objectClass=posixAccount
objectClass=shadowAccount
objectClass=top
Are you talking about LDAP ?
It looks like it, I would really like to plug my MIT Kerberos KDC into
LDAP but it doesnt seem to support it so far. because I didnt
see the option when configuring it.
Here is the output of the principal Im am using for test :
kadmin: getprinc yan/admin
Principal:
Yes sorry, those are LDAP objectClasses. Prior to having the shadowAccount
objectClass in my account I was getting the same Secure RPC required
error that you mentioned. Where are you getting account info from? Local
account? NIS?
--Matthew
--On Wednesday, April 02, 2003 10:55 PM -0500 Yan
Yan [EMAIL PROTECTED] writes:
Now it works
For your information, the problem was that the KDC
was listening only on port 88 and not 750, so kinit and
kadmind was unable to communicate with it.
That should not cause it not to work. Using port 88 is normal for
Kerberos 5, 750 is mainly for
raeburn == Ken Raeburn [EMAIL PROTECTED] writes:
raeburn Yan [EMAIL PROTECTED] writes:
Now it works
For your information, the problem was that the KDC
was listening only on port 88 and not 750, so kinit and
kadmind was unable to communicate with it.
raeburn That should not cause it not to
[EMAIL PROTECTED] (Scott T.) writes:
...
In the following code segment, pw1 and chpw_cred are never used. What gives? -Scott
You're right, they're not used. Where did this code come from?
The ancestor of this code appears to be
krb5/src/lib/krb5/krb/gic_pwd.c
and what I think is
The solution you propose should work. One concern I have is that
proxy tickets are not well tested.
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
10 matches
Mail list logo