Re: Provisioning and administrative tools for MIT KDC

2008-01-15 Thread Andrea
Hello, I work with Vincenzo Carnuccio. Now we have tried the Perl extension and it seems that it works fine. We are also trying with the jni project on ONNV-gate. We will inform you about it. Thank you! On 14 Jan, 21:33, Russ Allbery [EMAIL PROTECTED] wrote: Greg Wallace [EMAIL PROTECTED] writes:

RE: SSO with telnet/rlogin/rsh

2008-01-15 Thread Barbat, Calin
Hello, there is an environment variable which can be set to control the name of the cache file: set KRB5CCNAME to the name of the cache file to use. Mit freundlichem Gruß / Kind regards / Cordialement Calin Barbat -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

Fw: SSO with telnet/rlogin/rsh

2008-01-15 Thread Ido Levy
We did a deeper investigation of this issue and found out that the difference between sshd and telnetd is in the user credential cache file name. When using ssh to the machine, the credential cache file name is composed using the numeric uid of the user, like /tmp/krb5cc_. On the other hand, while

Re: Fw: SSO with telnet/rlogin/rsh

2008-01-15 Thread Kevin Coffman
The latest versions of rpc.gssd look at file ownership rather than the name. (It does narrow the field by looking for krb5cc_*, then looking at file ownership.) This change went into nfs-utils-1.0.11. Unfortunately, gssd has no access to the user's environment variables and cannot use that to
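The two lookup strategies described in the thread (the pre-1.0.11 "find /tmp/krb5cc_<uid>" behaviour versus the nfs-utils-1.0.11 "narrow by krb5cc_*, then check file ownership" behaviour), plus the KRB5CCNAME convention from Calin Barbat's reply, as an added example that is not part of the original thread or of nfs-utils. The /tmp listing is constructed in-line so it runs offline; the file names, uids and the extra mode check are the example's own assumptions, not something rpc.gssd is claimed to do.

```python
"""Added example: how a daemon that cannot see the user's environment (and so
cannot honour KRB5CCNAME) can still locate a user's Kerberos ccache.

by_name  -> old rpc.gssd behaviour: only /tmp/krb5cc_<uid> is considered
by_owner -> nfs-utils >= 1.0.11 behaviour: candidates are krb5cc_*, kept only
            if st_uid matches (the mode check is this example's own hardening)
"""
from dataclasses import dataclass
import os
import re

CACHE_NAME = re.compile(r"^krb5cc_")


@dataclass(frozen=True)
class CacheFile:
    """Minimal stand-in for an os.scandir()/os.stat() result."""
    path: str
    uid: int    # st_uid
    mode: int   # permission bits of st_mode


# Constructed /tmp listing (not real data). uid 1000 logged in via sshd
# (cache named after the uid); uid 1001 via telnetd (pid-style name);
# uid 1002 has two pam-krb5 style caches (uid + random suffix).
SAMPLE_TMP = [
    CacheFile("/tmp/krb5cc_1000", 1000, 0o600),
    CacheFile("/tmp/krb5cc_p1234", 1001, 0o600),
    CacheFile("/tmp/krb5cc_1001", 0, 0o644),        # right name, wrong owner
    CacheFile("/tmp/krb5cc_1002_aBc123", 1002, 0o600),
    CacheFile("/tmp/krb5cc_1002_dEf456", 1002, 0o600),
    CacheFile("/tmp/notacache", 1001, 0o600),       # owned by 1001, not a cache
]


def parse_ccname(value: str):
    """Split a KRB5CCNAME value into (type, residual).

    MIT treats a value without a recognised TYPE: prefix as a FILE cache.
    """
    ctype, sep, residual = value.partition(":")
    if sep and ctype.upper() in {"FILE", "DIR", "MEMORY", "API", "KEYRING", "KCM"}:
        return ctype.upper(), residual
    return "FILE", value


def by_name(listing, uid: int):
    """Old behaviour: trust the name. Finds nothing for a telnetd-style name
    and happily returns a file the user does not even own."""
    want = f"/tmp/krb5cc_{uid}"
    return [c.path for c in listing if c.path == want]


def by_owner(listing, uid: int, require_private: bool = True):
    """Newer behaviour: narrow by krb5cc_* prefix, then require st_uid == uid.
    require_private additionally rejects group/world-accessible files; that
    check is an assumption of this example, not documented gssd behaviour."""
    found = []
    for c in listing:
        if not CACHE_NAME.match(os.path.basename(c.path)):
            continue
        if c.uid != uid:
            continue
        if require_private and (c.mode & 0o077):
            continue
        found.append(c.path)
    return sorted(found)


if __name__ == "__main__":
    for uid in (1000, 1001, 1002):
        print(uid, "by_name:", by_name(SAMPLE_TMP, uid),
              "by_owner:", by_owner(SAMPLE_TMP, uid))
    print(parse_ccname("FILE:/tmp/krb5cc_1000"), parse_ccname("/tmp/krb5cc_1000"))
```

The uid 1001 case is the one the thread is about: the name-based lookup returns /tmp/krb5cc_1001 (a file owned by root, not by the user) and misses the telnet session's real cache, while the ownership-based lookup does the reverse. Using both UID and PID in the name, as suggested later in the thread, only works for consumers that match on ownership rather than on the exact name.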

Re: kinit under launchd on Mac OS X 10.5

2008-01-15 Thread Alexandra Ellwood
The Mac OS X kinit uses the in memory CCAPI ccache server to temporarily store tickets before placing them in the destination ccache (in this case a file-based ccache). As a result kinit is attempting to launch a launchd service (the CCacheServer) from inside your launchd script. The

Re: Provisioning and administrative tools for MIT KDC

2008-01-15 Thread Andrea
Hi, when we tested Perl we experienced some problems involving CGI-Perl to manage Kerberos with Perl from a web application. We want to know what you think about using JPL for calling Perl (interface to Kerberos) from Java (web application). According to you, which is the

Re: AD 2003; MS's ktpass made account corrupted

2008-01-15 Thread [EMAIL PROTECTED]
Douglas, Thanks for your help, and excuse me for the time it took me to get back on this project. We had other concerns so... So anyway, now I'm back on it and this mail is to say Merci in French. For others with the same trouble: I just had to create a simple user and not use the machine's

Re: Fw: SSO with telnet/rlogin/rsh

2008-01-15 Thread Russ Allbery
Douglas E. Engert [EMAIL PROTECTED] writes: From a Kerberos perspective both could be correct. Using the process ID as part of the cache name allows for session based credentials, so each telnet session has its own cache. telnetd should include both the UID and the PID in the cache name.

Re: Fw: SSO with telnet/rlogin/rsh

2008-01-15 Thread Douglas E. Engert
Ken Hornstein wrote: telnetd should include both the UID and the PID in the cache name. This works much more smoothly with rpc.gssd and is what I do in pam-krb5. In a perfect world, we'd chuck the whole horrid scheme and create some utility to send the Kerberos credentials to rpc.gssd or

Re: Fw: SSO with telnet/rlogin/rsh

2008-01-15 Thread Ken Hornstein
That is what DCE did. The PAG number was part of the cache name in a well-known location. I don't want the cache in a well-known location. I want to tell the OS or some utility, Hey, here's my TGT, or perhaps even, Talk to me on this socket/port/door to get a ticket for a service. --Ken

Re: Fw: SSO with telnet/rlogin/rsh

2008-01-15 Thread Russ Allbery
Douglas E. Engert [EMAIL PROTECTED] writes: OK, that works too. But I thought the main problem as stated in the note was that rpc.gssd could not read the environment of the process, and thus always defaulted to using the default ticket cache. This is the same set of issues I have with Nico

Re: Fw: SSO with telnet/rlogin/rsh

2008-01-15 Thread Russ Allbery
Ken Hornstein [EMAIL PROTECTED] writes: telnetd should include both the UID and the PID in the cache name. This works much more smoothly with rpc.gssd and is what I do in pam-krb5. In a perfect world, we'd chuck the whole horrid scheme and create some utility to send the Kerberos

Re: Fw: SSO with telnet/rlogin/rsh

2008-01-15 Thread Douglas E. Engert
Ken Hornstein wrote: That is what DCE did. The PAG number was part of the cache name in a well-known location. I don't want the cache in a well-known location. I want to tell the OS or some utility, Hey, here's my TGT, or perhaps even, Talk to me on this socket/port/door to get a ticket

Re: Fw: SSO with telnet/rlogin/rsh

2008-01-15 Thread Ken Hornstein
I think AFS uses the correct model. Credentials are really an attribute of the user and for the best security should be tracked by the kernel like any other security attribute of the user (UID, GID, supplemental groups, capabilities, etc.). But that gets into really nasty cross-platform issues,

Re: Fw: SSO with telnet/rlogin/rsh

2008-01-15 Thread Kevin Coffman
On Jan 15, 2008 3:19 PM, Douglas E. Engert [EMAIL PROTECTED] wrote: Ken Hornstein wrote: That is what DCE did. The PAG number was part of the cache name in a well-known location. I don't want the cache in a well-known location. I want to tell the OS or some utility, Hey, here's my

KRB_AP_ERR_MODIFIED error

2008-01-15 Thread Ali, Saqib
Hello, I need some help deciphering the error msg below: The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/managementserver.domain.com. The target name used was HTTP/managementserver.domain.com. This indicates that the password
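KRB_AP_ERR_MODIFIED means the service could not verify the AP-REQ with the key it holds; the usual cause is that the KDC encrypted the service ticket under a newer key version (kvno) than the one in the server's keytab. The check below is an added example, not part of the original post or of MIT Kerberos: it compares the kvnos listed by `klist -k` with the kvno the KDC currently issues, as printed by `kvno`. The sample outputs are constructed text in those tools' formats, and the realm DOMAIN.COM is assumed (the post does not name one).

```python
"""Added example: detect a keytab/KDC key-version mismatch, the common cause
of KRB_AP_ERR_MODIFIED.

Inputs are the text printed by `klist -k` (no -t, so no timestamp column)
and by `kvno <principal> ...`. In practice capture them with subprocess;
here they are constructed sample strings.
"""
import re

# Constructed `klist -k` output: the keytab still holds kvno 2 for the
# HTTP and host keys, while the KDC (below) already issues HTTP tickets
# under kvno 3. The nfs key is in sync.
SAMPLE_KLIST_K = """Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/managementserver.domain.com@DOMAIN.COM
   2 HTTP/managementserver.domain.com@DOMAIN.COM
   5 nfs/managementserver.domain.com@DOMAIN.COM
"""

# Constructed `kvno` output (kvno needs a TGT; it asks the KDC for a ticket).
SAMPLE_KVNO = """HTTP/managementserver.domain.com@DOMAIN.COM: kvno = 3
nfs/managementserver.domain.com@DOMAIN.COM: kvno = 5
ldap/managementserver.domain.com@DOMAIN.COM: kvno = 1
"""

KLIST_LINE = re.compile(r"^\s*(\d+)\s+(\S+@\S+)\s*$")
KVNO_LINE = re.compile(r"^(\S+@\S+): kvno = (\d+)\s*$")


def parse_klist_k(text: str) -> dict:
    """Map principal -> set of kvnos present in the keytab (a keytab may hold
    several versions of one key, which is why this is a set)."""
    keytab = {}
    for line in text.splitlines():
        m = KLIST_LINE.match(line)
        if m:
            keytab.setdefault(m.group(2), set()).add(int(m.group(1)))
    return keytab


def parse_kvno(text: str) -> dict:
    """Map principal -> kvno the KDC used for the ticket it just issued."""
    issued = {}
    for line in text.splitlines():
        m = KVNO_LINE.match(line)
        if m:
            issued[m.group(1)] = int(m.group(2))
    return issued


def check_keytab(klist_text: str, kvno_text: str) -> dict:
    """For each principal the KDC reported, say whether this keytab could
    decrypt a fresh ticket. Only 'ok' entries will not raise
    KRB_AP_ERR_MODIFIED on the server side."""
    keytab = parse_klist_k(klist_text)
    report = {}
    for princ, kdc_kvno in parse_kvno(kvno_text).items():
        have = keytab.get(princ, set())
        if kdc_kvno in have:
            report[princ] = "ok"
        elif not have:
            report[princ] = "missing from keytab"
        else:
            report[princ] = (f"stale keytab: has kvno {sorted(have)}, "
                             f"KDC issues kvno {kdc_kvno}")
    return report


if __name__ == "__main__":
    for princ, verdict in check_keytab(SAMPLE_KLIST_K, SAMPLE_KVNO).items():
        print(f"{princ}: {verdict}")
```

When the principal in the event (HTTP/managementserver.domain.com) shows up as stale, re-export the keytab from the KDC (or, for AD, reset the account password and regenerate with ktpass); if it shows up as missing, the SPN the client resolved to is not one the server has a key for at all.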

Re: How to lock/unlock the user principal

2008-01-15 Thread Kenneth Grady
It's an undocumented feature that you need to specify when building Kerberos named something like updates database. And the kadmin modprinc (+-)allow_tix [EMAIL PROTECTED] allows you to enable/disable the account. I believe the number of failed attempts before blacklisting is kept in the kdc.conf