Re: Determening the number of clients per KDC

On Tue, Apr 17, 2018 at 9:32 AM, Sergei Gerasenko wrote: > Thank you so much for confirming that the KDCs are fast. This saved me a > ton of time writing my own tests, etc. Andrew, as far as workers, is it one > worker per core in general as Russ theorized? > I haven't played

Re: Determening the number of clients per KDC

On Mon, Apr 16, 2018 at 5:41 PM, Russ Allbery wrote: > Sergei Gerasenko writes: > > > Will keeping an access log slow me down much, do you know? > > Yes, you may want to tune syslog or whatever you're using for your KDC > logging, although MIT is a lot better

Re: IPv6 handling in SASL LDAP binding

On Thu, Aug 13, 2009 at 6:41 AM, Xu, Qiang (FXSGSC)qiang...@fujixerox.com wrote: P.S. Can I ask why the numerical IPv6 address is not supported in MIT distribution? Using IP addresses in files like krb5.conf is generally discouraged, as it's easier to change a single entry in dns than it is

Re: IPv6 handling in SASL LDAP binding

On Thu, Aug 13, 2009 at 4:21 AM, Xu, Qiang (FXSGSC)qiang...@fujixerox.com wrote: Yes, in my testing, OpenLDAP utility ldapsearch also works well with IPv6 address in /etc/krb5.conf when doing SASL binding. Although we are using Mozilla LDAP library, I don't think it is MozLDAP's fault, coz

Re: IPv6 handling in SASL LDAP binding

On Fri, Aug 7, 2009 at 4:28 AM, Xu, Qiang (FXSGSC)qiang...@fujixerox.com wrote: Since it seems MozLDAP didn't pass any info related to Kerberos authentication server to Cyrus-SASL, can I understand that Cyrus-SASL obtain the Kerberos authentication server's whereabout from the ticket? But

Re: mod_auth_kerb: gss_accept_sec_context() failed

On Mon, Jan 19, 2009 at 11:32 AM, Michael Ströder mich...@stroeder.com wrote: Andrew Cobaugh wrote: On Fri, Jan 16, 2009 at 2:58 PM, Michael Ströder mich...@stroeder.com wrote: HI! I'm trying to test mod_auth_kerb-5.4 built with MIT libs 1.6.3 for SPNEGO/Kerberos working with MS AD W2K3SP1

Re: mod_auth_kerb: gss_accept_sec_context() failed

On Fri, Jan 16, 2009 at 2:58 PM, Michael Ströder mich...@stroeder.com wrote: HI! I'm trying to test mod_auth_kerb-5.4 built with MIT libs 1.6.3 for SPNEGO/Kerberos working with MS AD W2K3SP1. My ultimate goal is to receive a forwardable ticket (env var KRB5CCNAME) and use that for LDAP

Disabling reverse dns lookups

I've seen this discussed before, but I'm having some trouble. My situation is that I have sshd behind a NAT. The public IP has an A record from one of my domain names, but I have no control over the PTR record, as this is a cable modem connection, so the ISP controls that. So, the client goes to