cloc3 wrote:
> I've put all my user in a openldap database, and the database is
> accessible with a kerberos ticket.
>
> but, at startup, kdm have no ticket to access openldap database, so no
> users are listed in kdm userlist. in this moment the only way to have
> a complete userlist is to login a
On Feb 13, 2009, at 06:23, Lorenzo Costanzia wrote:
> Hi everybody,
>
> I'm trying to set up a AFP server with (MIT) Kerberos authentication
> and DNS service discovery (aka Bonjour, see http://www.dns-sd.org/) in
> my home network (which uses a private .lan top level domain). The AFP
> server wo
On Fri, Feb 13, 2009 at 08:56:43AM +, Peter Eriksson wrote:
> xscreensaver:
> When $HOME goes away then xscreensaver will fail you launch the
> password dialog application when you wish to login again (since
> it can't read the .Xauthority file in your $HOME so it will
> not be allowe
On Fri, Feb 13, 2009 at 08:56:43AM +, Peter Eriksson wrote:
> Edward Irvine writes:
> >I also did a little experiment. After logging in to the target
> >machine, (with the GSSAPIDelegateCredentials working and all), I ran
> >the "kdestroy" command. As expected, my home directory became
>
Hi everybody,
I'm trying to set up a AFP server with (MIT) Kerberos authentication
and DNS service discovery (aka Bonjour, see http://www.dns-sd.org/) in
my home network (which uses a private .lan top level domain). The AFP
server works beautifully when connecting "directly" to it.
But when I
I've put all my user in a openldap database, and the database is
accessible with a kerberos ticket.
but, at startup, kdm have no ticket to access openldap database, so no
users are listed in kdm userlist. in this moment the only way to have
a complete userlist is to login as root, to take a ticket
Hi,
is there a way with MIT kerberos to create an "alias" for e.g.
service/myhost.pr...@realm (mind the trailing dot in the SPN) to
service/myhost.p...@realm (without dot), so that a request (with
canonicalization flag set) for the former principal returns a ticket
for the latter?
Best regard
Edward Irvine writes:
>On my workstation (and all kerberos clients) I have now inserted:
>a) "GSSAPIDelegateCredentials yes" parameter into /etc/ssh/
>ssh_config, and;
>b) "forwardable = true" in the [libdefaults] section of /etc/krb/
>krb5.conf, and;
>c) Played around with /etc/krb5/warn.c
Hi Folks,
Thanks for the feedback everyone.
On 13/02/2009, at 3:52 AM, Douglas E. Engert wrote:
>
>
> Edward Irvine wrote:
>> Hi Folks,
>> Is there a ticket beween client and server that expires? If so,
>> how does it get renewed?
>> Kerberised NFS presumably requires authentication and
>>