Hello, new to the list.. thought I would run this by some of you.
When I ssh into a Linux machine with a kerberized ssh, everything seems
to work fine ticket passing and all. The only thing is that when I run
klist i get something like this:
Credentials cahce /tmp/krb5cc_x not found
but
Hello,
I've configured my kerberos which using DCE (IBM DCE V3.2) security Server
as a KDC on AIX machine.
I could get TGT by kinit command. But I couldn't use kpasswd well.
monaco # ./kpasswd saho
./kpasswd: Server not found in Kerberos database getting initial ticket
My question is:
You cannot use kdb5_util load/dump to move principals between realms
with different master keys. That might be your problem.
I'd recommend deleting the two principals for the cross realm keys and
recreating them with known passwords on both systems.
On Friday, March 12, 2004 00:41:06 -0800 Henry B. Hotz
[EMAIL PROTECTED] wrote:
At 8:54 PM -0500 3/11/04, Jeffrey Hutzelman wrote:
On Thursday, March 11, 2004 16:38:46 -0800 Henry B. Hotz
[EMAIL PROTECTED] wrote:
Where is the real description of the string-to-key functions, V4, AFS,
and V5?
At 9:40 AM -0600 3/12/04, Digant Kasundra wrote:
Is anyone aware of any product that can sync passwords
between an MIT
Kerberos KDC and MS Active Directory?
Alf Wachsmann at SLAC is doing this with Heimdal.
Personally I'd rather only have the passwords (keys actually) stored
in one of the
At 12:40 PM -0500 3/12/04, Jeffrey Hutzelman wrote:
Note that it sounds like the OpenAFS code you were looking at was
actually src/des/strng_to_key.c, which implements the DES
string-to-key function, not the AFS one. The AFS string-to-key code
is in src/kauth/client.c.
Correct. I looked for
[EMAIL PROTECTED] (paul b) wrote in message news:[EMAIL PROTECTED]...
Hello,
I am currently developping a web single signon-system and I am
thinking about using Kerberos for this propose
[snip]
Perhaps someone can tell me if Kerberos is really a good solution for
web-single signon(and
Russ Allbery [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
[snip]
The application server then receives and decodes that authenticator,
validates it, and then creates a cookie containing a more persistant
authenticator just for that service. That cookie is, however, now that