Re: [modauthkerb] Negotiate on Windows with cross-realm trust AD and MIT Kerberos.

2007-07-25 Thread Douglas E. Engert
Looks like it should have worked. A wireshark trace of the packets would show a lot, as long as the session is not encrypted. It could be a size issue. AD can produce very large tickets if you are in many groups. It could be an enc-type issue, which the server does not understand. It could be

Re: [modauthkerb] Negotiate on Windows with cross-realm trust AD and MIT Kerberos.

2007-07-25 Thread Mikkel Kruse Johnsen
On Mon, 2007-07-23 at 16:27 -0500, Douglas E. Engert wrote: Mikkel Kruse Johnsen wrote: Hi Markus, yes that is what I want. I need the KRB5CCNAME (the credential) so I can login to my OpenLDAP SASL based server and PostgreSQL with Kerberos. So what you need is the Kerberos

Re: [modauthkerb] Negotiate on Windows with cross-realm trust AD and MIT Kerberos.

2007-07-25 Thread Henry B. Hotz
On Jul 25, 2007, at 2:55 AM, Mikkel Kruse Johnsen wrote: Is the KRB5CCNAME being set in the environment of the subprocess? Don't know how to check this. The KRB5CCNAME is in the env. with the attached patch but the credentials are never saved to that file. Protect CGIs and access a cgi

Implementing OTP mechanism with existing kerberos

2007-07-25 Thread Gopal Paliwal
Hi, I am implementing OTP mechanism in the existing Kerberos. I have set up pre-auth mechanism to authenticate the clients. Now, the user will be asked password+OTP instead of just password. I will be generating this OTP with a hardware token. Also, I will be encrypting time-stamp with password

Re: Implementing OTP mechanism with existing kerberos

2007-07-25 Thread Gopal Paliwal
Hi Tim, It's really nice. I could see that you are able to use hardware tokens with MIT Kerberos. If you are comfortable, could you explain to me the way you have done it. It will be great. -gopal On 7/25/07, Tim Alsop [EMAIL PROTECTED] wrote: Gopal, It is not easy to do. If you are interested,

Re: Implementing OTP mechanism with existing kerberos

2007-07-25 Thread Douglas E. Engert
Gopal Paliwal wrote: Hi, I am implementing OTP mechanism in the existing Kerberos. I have set up pre-auth mechanism to authenticate the clients. Now, the user will be asked password+OTP instead of just password. I will be generating this OTP with a hardware token. Also, I will be

RE: Implementing OTP mechanism with existing kerberos

2007-07-25 Thread Tim Alsop
Gopal, Sorry if I mislead you in any way. I don't think I mentioned MIT Kerberos in my email. The product I used is called TrustBroker and is commercially available from CyberSafe, and is not based on MIT or Heimdal, and is not open source. I just wanted to show you so you can see that what you

RE: Implementing OTP mechanism with existing kerberos

2007-07-25 Thread Tim Alsop
Gopal, It is not easy to do. If you are interested, we already have a solution - see example below: # kinit talsop Password for [EMAIL PROTECTED]: Enter Passcode (PIN+Tokencode) or Tokencode from your SecurID Token: # klist -ef Cache Type: Kerberos V5 Credentials Cache Cache

Re: [modauthkerb] Negotiate on Windows with cross-realm trust AD and MIT Kerberos.

2007-07-25 Thread Achim Grolms
On Wednesday 25 July 2007 11:55, Mikkel Kruse Johnsen wrote: Compiled the mod_auth_kerb with the attached The modification does a check if GSS_C_DELEG_FLAG is present. From my point of view (a paranoid point of view) an additional check has to follow: before the code does the call to