Re: Default ticket lifetime

2005-06-29 Thread Christian Pfaffel-Janser
Ryan Underwood [EMAIL PROTECTED] writes: On Tue, Jun 28, 2005 at 09:36:42PM -0700, Russ Allbery wrote: Ryan Underwood [EMAIL PROTECTED] writes: From the Changelog, it looks like this was disabled sometime in 1996 and never revisited. But this is what I was referring to in my original

Solaris 9 Authentication

2005-06-29 Thread scanell
Configuration: MIT Kerberos 1.4 Solaris 9 Master Solaris 9, MAC OSX, PC Clients /usr/lib/ssh/sshd daemon using pam_krb5.so.1 Pre-Auth enabled Issue: MAC and PC clients using ssh authenticate successfully against Solaris 9 servers and Kerberos system. ssh -l username hostA username@hostA

Re: Default ticket lifetime

2005-06-29 Thread Russ Allbery
Ryan Underwood [EMAIL PROTECTED] writes: On Tue, Jun 28, 2005 at 09:36:42PM -0700, Russ Allbery wrote: That would be default_lifetime in [appdefaults]. Are you sure that you have the time specification syntax right? Yeah, I just don't have the code you quoted in the 1.3.6 kinit.c - that

How to dynamically change KDC server and other parms

2005-06-29 Thread Veeru
Hi, We have a plugin program that authenticates user based on Kerberos principals. The KDC server and realms can be set using the UI and so we are using the following : System.setProperty( "java.security.krb5.realm", getKerberosRealm() ); System.setProperty( "java.security.krb5.kdc",

Re: Solaris 9 Authentication

2005-06-29 Thread scanell
Since ssh authentication is taking place on the SUN server, I took a copy of the keytab file from the Master kerberos server and placed it in place of the one created by running ktadd on hostA... now hostA has a copy of the kadm5.keytab from the Master server. Once I did this (and this was the

MIT Kerberos 1.4.1, Solaris 8, AD SSO

2005-06-29 Thread Haskins, Russell
I am trying to get Single-Sign-On working with the *NIX boxes on our campus network. The Windows AD is controlled by our outsourced IT group so we can't drive any requirements on it. I have my Redhat Enterprise Linux boxes authenticating correctly to the AD domain. However I've hit the wall with

Re: Solaris 9 Authentication

2005-06-29 Thread Michael Marziani
Decrypt integrity check errors usually point to a keytab problem. Although I'm somewhat unsure why you had to copy your kadm5.keytab from the master server, you should have instead created keytabs for each host. In my setup (we use Solaris 9 SEAM KDCs with Solaris 9 and Red Hat clients) for each

Re: KADMIN AND DELEGATED ADMINISTRATION

2005-06-29 Thread Michael Marziani
Read the man page for kadm5.acl. This file controls access and delegation for the kerberos database. I'm pretty sure it can do most if not all of what you want. -Michael --- [EMAIL PROTECTED] wrote: Hi I'm new to Kerberos so forgive the question...this is about the use of kadmin access

krb enctype presentation available

2005-06-29 Thread Will Fiveash
I created a presentation PDF a while back that I've placed on the Web which goes into detail on Kerberos enctypes in terms of how they are used, negotiated and controlled via *.conf parameters. It can be downloaded via my blog:

Re: Implementing a Kerberos application

2005-06-29 Thread Mukul Gandhi
I am sorry that my question was quite vague. I am heading against a wall with my study. I'll try to explain my requirements a bit more clearly, and hoping for some help. I have to implement an SSO (Single Sign On) application. For this, I think Kerberos will fit into the architecture. I am

Re: Implementing a Kerberos application

2005-06-29 Thread Michael Marziani
Not to offend you, but a simple Google search for "single sign-on kerberos" reveals a lot of information on this subject. The 2nd link that came up for me was a guide to Kerberos single sign-on in Java: http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html Hope this helps get