kerberized ssh oddities

Hello, new to the list.. thought I would run this by some of you. When I ssh into a Linux machine with a kerberized ssh, everything seems to work fine ticket passing and all. The only thing is that when I run klist i get something like this: Credentials cahce /tmp/krb5cc_x not found but

kpasswd for DCE KDC

Hello, I've configured my kerberos which using DCE (IBM DCE V3.2) security Server as a KDC on AIX machine. I could get TGT by kinit command. But I couldn't use kpasswd well. monaco # ./kpasswd saho ./kpasswd: Server not found in Kerberos database getting initial ticket My question is:

Re: Cross Realm Authentication: Decrypt integrity check failed

You cannot use kdb5_util load/dump to move principals between realms with different master keys. That might be your problem. I'd recommend deleting the two principals for the cross realm keys and recreating them with known passwords on both systems.

Re: Docs on string-to-key routines?

On Friday, March 12, 2004 00:41:06 -0800 Henry B. Hotz [EMAIL PROTECTED] wrote: At 8:54 PM -0500 3/11/04, Jeffrey Hutzelman wrote: On Thursday, March 11, 2004 16:38:46 -0800 Henry B. Hotz [EMAIL PROTECTED] wrote: Where is the real description of the string-to-key functions, V4, AFS, and V5?

RE: Password synching

At 9:40 AM -0600 3/12/04, Digant Kasundra wrote: Is anyone aware of any product that can sync passwords between an MIT Kerberos KDC and MS Active Directory? Alf Wachsmann at SLAC is doing this with Heimdal. Personally I'd rather only have the passwords (keys actually) stored in one of the

Re: Docs on string-to-key routines?

At 12:40 PM -0500 3/12/04, Jeffrey Hutzelman wrote: Note that it sounds like the OpenAFS code you were looking at was actually src/des/strng_to_key.c, which implements the DES string-to-key function, not the AFS one. The AFS string-to-key code is in src/kauth/client.c. Correct. I looked for

Re: Is Kerberos a good solution for web-single signon

[EMAIL PROTECTED] (paul b) wrote in message news:[EMAIL PROTECTED]... Hello, I am currently developping a web single signon-system and I am thinking about using Kerberos for this propose [snip] Perhaps someone can tell me if Kerberos is really a good solution for web-single signon(and

Re: WebISO: the killer kerberos app?

Russ Allbery [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... [snip] The application server then receives and decodes that authenticator, validates it, and then creates a cookie containing a more persistant authenticator just for that service. That cookie is, however, now that