Has anybody tried to use the PAC field with MIT Kerberos ? I tried after a
kinit against a w2k kdc to look at the details in the credential cache, but
all pointers to authorisation data (cred-authdata and
decode(cred-ticket)-enc_part2-authorization_data) are 0.
Thank you
Markus
Is there a patch to the 1.2.8 series to avoid:
Buffer overflow in krb5_aname_to_localname functionality. See advisories
index or advisory text.
Or is 1.2.8 not susceptable?
I hadn't seen any patches for pre-1.3.0. Are y'all officially considering
1.2.* old as a brick and time to upgrade?
In the long run the Kerberos password is a problem because the human
brain does not obey Moore's law. As I see it the solution is to use
some form of two-factor authentication for the initial ticket exchange.
So what options are there in that space?
AFAIK none --- with the standard open
So what options are there in that space?
AFAIK none --- with the standard open source servers. There are
patches available for MIT to support CRYPTOcard and SecureID. There
are patches available for Heimdal to support X509 certificates
(PKINIT).
Just as a note: if you want to go down the
Henry,
The CyberSafe TrustBroker products currently support RSA SecurID, VASCO
Digipass and SecureComputing SafeWord tokens. They also support smart
cards via PKINIT.
Thanks, Tim.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Henry B. Hotz
Sent: 15
Daniel == Daniel Henninger [EMAIL PROTECTED] writes:
Daniel Is there a patch to the 1.2.8 series to avoid: Buffer
Daniel overflow in krb5_aname_to_localname functionality. See
Daniel advisories index or advisory text.
The 1.3.0 patch works for 1.2.8. We still care about 1.2.x enough
Given all the issues I didn't want to get into, maybe I shouldn't have
mentioned SecureID. Since I did mention it, it's good to have your
caveat on the record.
Just trying to make sure I really know what exists.
On Jul 15, 2004, at 11:27 AM, Ken Hornstein wrote:
So what options are there in
Sam
the document
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnkerb/html/MSDN_PAC.asp
says:
The PAC is generated by the KDC under the following conditions:
a.. During an AS request that has been validated with pre-authentication.
b.. During a TGS request when the client
Hi All,
I am new to this and am trying to get krb5 to make check on a HPUX 11.00 box. It
compiled ok after I did the below.
I compiled Kerberos 1.3.1 on HPUX 11.00, using gcc 3.0.4. Module
src/appl/bsd/compat_recv.c failed to compile because it couldn't find the
#include sys/select.h, so I
Markus == Markus Moeller [EMAIL PROTECTED] writes:
Markus Sam the document
Markus
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnkerb/html/MSDN_PAC.asp
Markus says:
Markus The PAC is generated by the KDC under the following
Markus conditions:
Markus
Hi.
I've built an openafs cell, on debian stable. It authenticates over
kerberos 5 (MIT), and gains a token from openafs_session, so no kaserver
and no passwords anywhere other than kerberos db. Good it works. Now, my
question about it is: how to make it redundant?
We have a quite unreliable
Hi,
I followed the directions in Brian Tung's article on Kerberos for Dummies
to set up a KDC on a Redhat9 Linux system. Upon trying to start the
daemon, I get a failure, with the log indicating that the master key
can't be located. Where is the master key stored and what configuration
[EMAIL PROTECTED] (Henry B. Hotz) writes:
In the long run the Kerberos password is a problem because the human
brain does not obey Moore's law. As I see it the solution is to use
some form of two-factor authentication for the initial ticket exchange.
So what options are there in that space?
Has anybody tried to use the PAC field with MIT Kerberos ? I tried after a kinit
against a w2k kdc to look at the details in the
credential cache, but all pointers to authorisation data are 0.
Thank you
Markus
--
Markus Moeller [EMAIL PROTECTED]
I'm having trouble with my sidecar. I use sidecar to check email using
eudora at iowa state univeristy. i recently installed another version of
sidecar from cornell simultaneously to check something on that
system. after i removed it my iowa state sidecar has never acted the
same. i now
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
hi, somebody can help me?
i have installed kerberos server in my Linux REdhat AS 3.0, i think the
installation is ok!
i'm trying conecto using telnet from linuxbox to my Kerberos Server.
i did.
telnet -a -x -f domain.com
and the error is this one!
Jul 13 16:57:32 uvm.edu krb5kdc[4985](info):
Andrew,
I am forwarding your question to ISU's Solution Center,
they can help you correct your system.
John Hascall
Academic IT, ISU
--- Forwarded Message
Date: Wed, 14 Jul 2004 22:44:11 -0500
To: [EMAIL PROTECTED]
From: Andrew S Waxman [EMAIL PROTECTED]
I'm having trouble with my
18 matches
Mail list logo