Hi, folks
I've tested the openLDAP+MIT kerberos+SASL/GSSAPI on Linux (and I'm quite
happy with it), but I'll need the client-side support on the windows side
as well. Anyone knows of some good online docs that explain what has to be
done on the windows side?
For instance, there is apparently
[EMAIL PROTECTED] wrote:
Hi, folks
I've tested the openLDAP+MIT kerberos+SASL/GSSAPI on Linux (and I'm quite
happy with it), but I'll need the client-side support on the windows side
as well. Anyone knows of some good online docs that explain what has to be
done on the windows side?
Although a bit dated the Microsoft links
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/featusability/kerbinop.asp
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.asp
still provide the most complete documentation on setting up cross-realm
The indication from this page is that the SASL-GSSAPI builds against
the CyberSafe sources. You should be able to modify that to build
against the MIT Kerberos for Windows 2.6.x SDK quite easily.
Response from CyberSafe :
Alternatively, you could use the CyberSafe runtime library which works
See below...
---
This message is provided AS IS with no warranties, and confers no
rights.
This message may originate from an unmonitored alias (davespam) for
spam-reduction purposes. Use davidchr for individual replies.
Any opinions or policies stated within are my own and do not necessarily
On Monday, April 12, 2004 16:52:23 -0700 Donn Cave [EMAIL PROTECTED]
wrote:
I believe we're more or less always asking for this trouble.
If you don't get a canonical, reverse looked-up name back
out of MIT Kerberos krb5_sname_to_principal(), then you're
doing something different than me.
Well,
On Tuesday, April 13, 2004 03:00:40 +0200 Jerome Walter
[EMAIL PROTECTED] wrote:
By the way, a common constant on the programs is that most want access
to urandom devices, but do not require it really. I guess, that to
create tickets, kdc do need access to the device, otherwise the work
could
Hi,
As you want to run gss-server on the linux machine, you have to have the
service principal sample1's key extracted into the linux machine's
default keytab file /etc/krb5.keytab.
If you want to use solaris m/c as a gss-client then you don't need
to extract any keys for the solaris m/c as you
Bala Viswanathan/Doug Lamoureux, we have a few following up questions
w.r.t. the issue below, can you contact me at [EMAIL PROTECTED] off the
list.
Thanks,
Larry
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Bala Viswanathan
Sent: Wednesday, April 07, 2004 1:15 PM
To: Doug
Sam Hartman wrote:
denis == denis havlik [EMAIL PROTECTED] writes:
Make sure that the service principals in the KDC do not contain
any enctypes other than DES-CBC-CRC or DES-CBC-MD5. Java
cannot handle them.
denis Don't understand this. Aren't client programs supposed to
On Apr 12, 2004, at 5:12 PM, [EMAIL PROTECTED] wrote:
Date: 12 Apr 2004 14:36:33 -0700
From: [EMAIL PROTECTED] (melissa_benkyo)
To: [EMAIL PROTECTED]
Subject: setup kerberos client
Message-ID: [EMAIL PROTECTED]
Precedence: list
Message: 5
Hello all,
it's me againnn. :D
I'm having trouble setting
Now I would like to use another client in the network to connect
slapd with kerberos-authentication. My questions are:
- Do I need the /etc/krb5.keytab on each client?
No (see my other mail)
- How can I handle security issues -- the keytab-file contains keys for
different applications and hosts.
MIT + AD also works, if you set up cross-realm auth (AD trusts MIT, MIT
doesn't trust AD works)
This is another thing: creating an AD server, and for all newly created
principal/afs users I will have to create a user on the AD server... A
middle-way solution...
Btw, anyone knows of some
to a local account. Or you can setup a cross-realm relationship
between the MIT KDC and a Windows 2003 Server which will allow
you to use the MIT KDC for authentication while providing access
to Windows account profile data within the Windows Active Directory.
This is in fact what Microsoft
On Mon, 2004-04-05 at 19:30, Doug Lamoureux wrote:
Has any one been able to use the netjoin tool on Unix (HP-UX in my case)
(source from MS:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/kerberossamp.asp)
[snip]
Any ideas?? I've linked it with MIT
In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (Jeffrey Hutzelman) wrote:
On Monday, April 12, 2004 16:52:23 -0700 Donn Cave [EMAIL PROTECTED]
wrote:
I believe we're more or less always asking for this trouble.
If you don't get a canonical, reverse looked-up name back
out of MIT
On Tue, Apr 13, 2004 at 03:01:44PM -0400, Jeffrey Hutzelman wrote:
On Tuesday, April 13, 2004 03:00:40 +0200 Jerome Walter
[EMAIL PROTECTED] wrote:
By the way, a common constant on the programs is that most want access
to urandom devices, but do not require it really. I guess, that to