I believe there is an error in the commands you have given out. If you use the
-expire switch it sets an expiry date on the principal itself and not the
principal PW. I believe the switch you need is -pwexpire. Correct me if I am
wrong, but I tested with my KDC’s and confirmed.
William
I figured this was the case as I have been unable to find logs of admin.local
operations.
Thanks for the replies.
William Clark
On Jul 12, 2015, at 1:47 PM, Greg Hudson ghud...@mit.edu wrote:
On 07/10/2015 05:09 PM, William Clark wrote:
Noticed today while doing some operations
= SYSLOG:INFO:AUTH
kdc = FILE:/var/log/krb5kdc.log
admin_server = SYSLOG:INFO:AUTH
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
William Clark
Kerberos mailing list Kerberos@mit.edu
https
their passwords to get the new
keys added to their principals.
Along with a change to their krb5.conf or edu.it.Kerberos to support the
encryption types, this was this was enough to support OS X Yosemite.
William Clark
On Oct 19, 2014, at 6:50 PM, Benjamin Kaduk ka...@mit.edu wrote:
Hi William
. But this will be a major undertaking just
to issue the new keytabs alone.
William Clark
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
, this seems to work for my
particular load profile.
Thank you Jeremy and Greg for your help in guiding me along with this.
Cheers!
William Clark
On Apr 3, 2014, at 12:54 AM, Jeremy Hunt jere...@optimation.com.au wrote:
Hi William,
Of course for option 2, the reads of the dumped database probably
and incremental propagation is desired.
Again thank you both for taking the time to explore this with me!
William Clark
On Apr 3, 2014, at 12:54 AM, Jeremy Hunt jere...@optimation.com.au wrote:
Hi William,
Of course for option 2, the reads of the dumped database probably need no
locks so you
would be helpful.
William Clark
On Mar 31, 2014, at 8:34 PM, Greg Hudson ghud...@mit.edu wrote:
On 03/31/2014 05:44 PM, William Clark wrote:
Running the following from CentOS upstream:
krb5-server-1.10.3-10.el6_4.6.x86_64
I am not adverse to going with the latest stable MIT version
if the principal DB is getting locked, and if this is causing kprop/kadmin to
get in a very funny state. Is this even a viable concern?
Need some help on this before I am forced to go back to old propagation methods.
William Clark
Kerberos mailing list
policy support, however since I have
10 KDC's, for me to enforce a 5 password errors to lockout type policy would be
the same as giving the user 50 attempts if they craft them right. Does MIT or
anyone else have a project to allow use of policies in multi KDC environments
like this?
William Clark
I think I came to the conclusion in testing that the only way to do this is
Alternate Plan A. When you turn on kiprop, it disables the ability to
traditionally push and install a principal DB.
William Clark
On Sep 26, 2013, at 2:07 PM, William Clark majorgearh...@gmail.com wrote
, but it is necessary for me to bring our large
infrastructure to modern hosts and version of Kerberos.
Any help would be greatly appreciated!
William Clark
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
12 matches
Mail list logo