Hi,
I have managed to have mod_auth_kerb to work on my development machine.
All is good. What I need though is to automatically authenticate the
users that can be (IE users from our own domain) and then log them in
but NOT to block the others. Instead if the other users (External
users) can not
What are the current thoughts on automatically renewing Kerberos credentials
for long-lived sessions, particularly with respect to NFSv4 (where the user
experience could be adversely affected)?
It seems that Solaris has kwarnd, which can both warn users of impending
ticket expiry as well as
Luke Howard wrote:
Another issue is what to do when a TGT is no longer renewable. At first, we
thought one might wish to store one's long-term Kerberos key at logon, so it
would be possible to reacquire a TGT after the renewable lifetime was up. (*)
If using PKINIT or if the ticket cache
On 1/19/06, Luke Howard [EMAIL PROTECTED] wrote:
What are the current thoughts on automatically renewing Kerberos credentials
for long-lived sessions, particularly with respect to NFSv4 (where the user
experience could be adversely affected)?
It seems that Solaris has kwarnd, which can both
On Jan 19, 2006, at 11:59 AM, Luke Howard wrote:
What are the current thoughts on automatically renewing Kerberos
credentials
for long-lived sessions, particularly with respect to NFSv4 (where
the user
experience could be adversely affected)?
Kerberos.app on Mac OS X has auto-renewed
1) Auto-renewal mechanism tied to a specific ccache type won't work
for other types of caches.
Right, we made this mistake with KCM. Oh well!
Windows does this I think. In fact I seem to recall that for at
least some versions of Windows it doesn't even bother trying to renew
the tickets
On Fri, Jan 20, 2006 at 07:06:00AM +1100, Luke Howard wrote:
Windows does this I think. In fact I seem to recall that for at
least some versions of Windows it doesn't even bother trying to renew
the tickets and just always uses the stored key.
Unfortunately I never leave my Windows
In comp.protocols.kerberos Ken Hornstein [EMAIL PROTECTED] wrote:
URL: http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
403 Forbidden
Forbidden
You don't have permission to access
Bear with me...
I am a PHP programmer for a college -- I've never had to deal with Perl
up until this moment. We now need a web-based utility to handle users
with expired passwords; since we use a most mangled form of
authentication using a bloody mesh of PAM, Kerberos and Active
Directory, my
In comp.protocols.kerberos Ken Hornstein [EMAIL PROTECTED] wrote:
URL: http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
403 Forbidden
Hm. I just tried this right now; I got a redirect to www.cmf.nrl.navy.mil,
and it worked just fine.
Bear with me...
I am a PHP programmer for a college -- I've never had to deal with Perl
up until this moment. We now need a web-based utility to handle users
with expired passwords; since we use a most mangled form of
authentication using a bloody mesh of PAM, Kerberos and Active
On Wednesday, January 18, 2006 06:37:44 AM -0800 [EMAIL PROTECTED] wrote:
In a nutshell, I need to take a username and an expired password and
see if that truely was the users' last pasword.
You haven't said what Kerberos server you're using, so I'll assume you're
using either the MIT or
On Thursday, January 19, 2006 03:31:53 PM -0600 John Hascall
[EMAIL PROTECTED] wrote:
If you present a correct but expired password to Kerberos
you will get a 'password expired' error, which is different
from the 'password incorrect' error you get if the password
is not correct (expired or
On Thursday, January 19, 2006 03:31:53 PM -0600 John Hascall
[EMAIL PROTECTED] wrote:
If you present a correct but expired password to Kerberos
you will get a 'password expired' error, which is different
from the 'password incorrect' error you get if the password
is not correct
On Thursday, January 19, 2006 04:35:26 PM -0600 John Hascall
[EMAIL PROTECTED] wrote:
On Thursday, January 19, 2006 03:31:53 PM -0600 John Hascall
[EMAIL PROTECTED] wrote:
If you present a correct but expired password to Kerberos
you will get a 'password expired' error, which is
15 matches
Mail list logo