Chet Burgess wrote:
It is important to note that even if you have the
REALM and KDC(s) listed in the file properly the library will still
try DNS first, so you MUST add dns_fallback = false to turn off the
resolver calls.
I am fairly sure that DNS is not used in preference to the
On Wed, Aug 17, 2005 at 12:07:40PM +, Jeffrey Altman wrote:
Chet Burgess wrote:
It is important to note that even if you have the
REALM and KDC(s) listed in the file properly the library will still
try DNS first, so you MUST add dns_fallback = false to turn off the
resolver calls.
In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Chet Burgess)
wrote:
[ ... re memory leak caused by DNS KDC lookup ... ]
The res_ninit() call and the subsequent calls for the DNS
records are made in the krb5int_dns_init function found at
src/lib/krb5/os. The res_ninit() call is made for
i don't think you need to run setspn for host principal
Yes you need run when you want to http principal.
microsoft provide some by default.
s-
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Luciano Bolonheis wrote:
Hi,
i'm trying to make a Single sign-on environment... and I have all the
possible problems...
using the mod_auth_kerb with apache in internet explorer, it
authenticate but asks for the password. I get a ticket with the Kfw
Leash32 application, and even with valid
I'm installing Samba with Security ADS (compiled
--with-winbind --with-ads --with-ldap --with-krb5) on
Solaris 8, for connect with ActiveDirectory W2K.
First, I created in AD Windows an account with the
same name that my solaris host and generated the
keytab with this:
C:\tempktpass princ
I've compiled MIT kerberos 1.4.2 on Debian Linux. I've configured
inetd.conf to use the kerberized telnetd
I'm able to get a ticket but if I tried and connect with a kerberized
telnet client I get the following:
telnetd: Failed to chown slave side of pty: Operation not permitted
.
telnetd: Slave
On Wed, Aug 17, 2005 at 11:51:08AM -0700, Donn Cave wrote:
That's weird, but there are some potential surprises. For an
example I ran into myself, if your initial request fails, it
will be retried to the configured master_kdc. Of course if that
isn't in krb5.conf it will go to DNS
res_ninit() wasn't the only source of the leak. Ticket #3147 covers a
different leak, which resulted from not freeing some profile strings.
---Tom
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On Wed, Aug 17, 2005 at 03:19:52PM -0400, Tom Yu wrote:
res_ninit() wasn't the only source of the leak. Ticket #3147 covers a
different leak, which resulted from not freeing some profile strings.
Yeah I saw that in the reference. I was using that an evidence
that the developers
10 matches
Mail list logo