I am currently running Kerb for Windows 3.2 using a Linux KDC on Windows XP
sp2 machines. Our VPN connection is such that you must establish the
connection post log in. When the machine boots up, KFW attempts to obtain
creds which is what we want when connected to the network. When connecting
Hey Guys!I've got the quest of kerberising a network and got into some
problems.I've set up a testnetwork with 2 mashines running Red Hat Enterprise
Linux WS release 4 (Nahant Update 4).The goal is, to set up a working KDC and
Admin Server and Kerberised SSH, with single sign on.I've
Marsha Cipollone wrote:
I am currently running Kerb for Windows 3.2 using a Linux KDC on Windows XP
sp2 machines. Our VPN connection is such that you must establish the
connection post log in. When the machine boots up, KFW attempts to obtain
creds which is what we want when connected to the
I stil think you have a client problem, of the client not delegating.
Can you use IE, or FireFox on some other platform to connecto your
server?
Mikkel Kruse Johnsen wrote:
Hi
Settings check:
network.negotiate-auth.allow-proxies = true
network.negotiate-auth.delegation-uris =
I had this problem two weeks ago and I would be happy to help.
I work with kerberized LDAP so our environments are not similar but I hope
the principals for single sign on are the same.
Make sure you have configured the following:
1) You have created a principal for the user who login to the
On Friday 27 July 2007 18:11, Douglas E. Engert wrote:
I stil think you have a client problem, of the client not delegating.
A client not delegating because mutal-auth has not finished it's roundtrips?
The mod_auth_kerb code tries to store the deleg_cred *without* checking
if mutal-auth is in
I think the Firefox pref overrides this, but if it's running on a
Windows platform with the native Kerberos (gsslib) then do we need to
check that the ok-as-delegate flag is set in the service ticket? I
seem to remember that it didn't matter except for IE.
On Jul 27, 2007, at 12:14 AM,
On Friday 27 July 2007 09:14, Mikkel Kruse Johnsen wrote:
After the patch (attached) I get this.
I think your patch does my idea wrong.
Your patch checks
major_status == GSS_S_COMPLETE
but in your patch major_status is the return-value of gss_display_name(),
not of accept_sec_token.
You
Achim Grolms wrote:
On Friday 27 July 2007 18:11, Douglas E. Engert wrote:
I stil think you have a client problem, of the client not delegating.
http://www.ietf.org/rfc/rfc1964.txt old and
http://www.ietf.org/rfc/rfc4121.txt
define the Kerberos/GSSAPI packets. With Kerberos the delegated
Henry B. Hotz wrote:
I think the Firefox pref overrides this, but if it's running on a
Windows platform with the native Kerberos (gsslib) then do we need to
check that the ok-as-delegate flag is set in the service ticket? I seem
to remember that it didn't matter except for IE.
It might
Is it possible for a Solaris or Linux host to run both Kerb4 and
Kerb5? For different applications and auth domains.
Though this may seem like an idiotic question (why would you want
to?!) it is actually a valid config in our environment. Or at least
could be if it were possible. So far, no
Faeandar [EMAIL PROTECTED] writes:
Is it possible for a Solaris or Linux host to run both Kerb4 and
Kerb5? For different applications and auth domains.
Sure. They're basically entirely independent, and everything just works.
We've done this for years as a transitional measure.
What isn't
12 matches
Mail list logo