On 30.09.2010 1:23, Russ Allbery wrote:
In practice, you need to add HTTP/* principals for both names to the
Apache keytab if they differ, and then configure mod_auth_kerb to accept
any credential that's available in the keytab. Last time we did testing,
Firefox did one thing and IE did the
Nikolay Shopik sho...@inblock.ru writes:
On 30.09.2010 1:23, Russ Allbery wrote:
In practice, you need to add HTTP/* principals for both names to the
Apache keytab if they differ, and then configure mod_auth_kerb to
accept any credential that's available in the keytab. Last time we did
Hi
Still related to Kerberos for Windows , but from a development perspective..
I am working on adding GSSAPI support on TortoiseSVN ; this is done by
compiling sasl and neon with GSSAPI support.
This is itself was rather simple using the Kerberos for Windows SDK ;
however for various reasons,
I have been trying out Kerberos under CentOS 5.5, which claims to include
MIT kerberos version 1.6.1:
# rpm -qi krb5-server
Name: krb5-server Relocations: (not relocatable)
Version : 1.6.1 Vendor: CentOS
...
URL :
Jean-Yves:
I would recommend that you take a look at
http://github.com/secure-endpoints/heimdal-krbcompat
This SDK provides implementation independence for applications with both
Heimdal and MIT Kerberos.
If you don't want to go this route what you need to do is to use delay
loading of the
I have cross-realm authentication working, and one step of this required me
to do the following on both KDCs:
# kadmin.local
addprinc krbtgt/bar.example@foo.example.com
and then type the same (long and random) password into both boxes.
Ideally I would have generated a random password on
On Thu, 2010-09-30 at 10:24 -0400, Brian Candler wrote:
Ideally I would have generated a random password on one box (e.g.
addprinc -randkey) and then copied it to the other, and I wondered if there
is a straightforward way to do this.
I'm not personally aware of a straightforward way to do
On Thu, Sep 30, 2010 at 09:14:32AM -0400, Greg Hudson wrote:
That's just wrong; I've fixed it for the 1.9 admin docs. Thanks for
reporting this, and apologies for the time it took to figure it out.
That's OK, I learned a lot in the process :-)
Regards,
Brian.
On Thu, 2010-09-30 at 07:16 -0400, Brian Candler wrote:
Now, in the administrator's guide on the web at [...]
[realms]
ATHENA.MIT.EDU = {
auth_to_local = {
RULE:[2:$1](johndoe)s/^.*$/guest/
RULE:[2:$1;$2](^.*;admin$)s/;admin$//
Hi,
I tried to find this in the documentation so if someone could point me in the
right direction, I would appreciate it. I am trying to list all the kerberos
principals created with a LDAP back end that are not in the realm container.
Using kadmin list_principals only shows what is in the
Hi Kevin
This should just work. kadmin and kadmin.local will list all the
principals found in any subtrees that are found in the Kerberos Realm
Container.
You should be able to see your subtrees in the LDAP tree under the realm
container using any LDAP browser.
In my test tree my Kerberos
Hi Kevin,
One more thing I just thought of.
Check the value for sscope (Search Scope). It should be in your
Kerberos Realm Container as krbSearchScope. If this is set to 1 it will
not search your subtrees.
From the krb5_ldap_util man page:
-sscope search_scope
Specifies the
Hi
On 30 September 2010 23:19, Jeffrey Altman jalt...@secure-endpoints.com wrote:
Jean-Yves:
I would recommend that you take a look at
http://github.com/secure-endpoints/heimdal-krbcompat
This SDK provides implementation independence for applications with both
Heimdal and MIT Kerberos.
On 9/30/2010 7:34 PM, Jean-Yves Avenard wrote:
Hi
On 30 September 2010 23:19, Jeffrey Altman jalt...@secure-endpoints.com
wrote:
Jean-Yves:
I would recommend that you take a look at
http://github.com/secure-endpoints/heimdal-krbcompat
This SDK provides implementation independence
Hi
On 1 October 2010 09:39, Jeffrey Altman jalt...@secure-endpoints.com wrote:
You should not have to build KFW from scratch to build applications.
The KFW SDK is included in the KFW installers.
You want to build against that, not the source tree.
I agree.
However, the author of TortoiseSVN
On 9/30/2010 7:45 PM, Jean-Yves Avenard wrote:
Hi
On 1 October 2010 09:39, Jeffrey Altman jalt...@secure-endpoints.com wrote:
You should not have to build KFW from scratch to build applications.
The KFW SDK is included in the KFW installers.
You want to build against that, not the source
16 matches
Mail list logo