sshd_config (search for Gssapi
in the sshd_config on the Solaris host).
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND
after krb5 patch?
That's the idea, yes. Actually, the option is
`--with=kerberos5=/path/to/krb5/root'.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax
, and the linker should therefore be looking for
__builtin_alloca
Make sure that everything that needs alloca is including alloca.h, and
once you've done that, try the +Olibcalls option to the compiler.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services
of an odd coincidence that I
won't go into, but your best bet is to make sure that your bison is
recent (or deleted in favor of yacc).
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building
to log into the `bob' account
on a machine that's in REALM1).
Ken Hornstein suggested looking into the k5userok() function. See
the thread in September of 2000 for more info.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
Kerberos mailing
, but that's not
installed on any of the boxes that have these files).
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo
ccaches. In any case, when kadmin exits
it should destroy those FILE ccaches.
Thanks for the info Nico. One less mystery for me to wonder about.
;-)
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC
people have provided, and I look forward to any
additional comments or suggestions people might have.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North
1.30, so that's the version we're sticking
with. I recommend the original poster try that version, and see if he
or she has better luck.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building
get from the MIT source.
If the field machines are Windows boxes, I would think that
https://sourceforge.net/projects/kerberizer/
would be worth a look.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6
a success is always returned, even when strip fails.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
$kp=Authen::Krb5::get_default_realm();
(notice the K in Krb5) instead, you would have better results.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North
to 1.4, I encountered a
problem with krb5_init_ets not being part of the libkrb shared library,
even though the ABI of the library had not changed from what 1.2.8 used.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room
is a little vague about
whether a separate dump/load step is still needed for policy information.
It was needed with earlier KDC upgrades, but the docs imply (without
really saying) that it's no longer needed.
Can anyone clarify whether it's still required, or not?
Thanks,
Tim
--
Tim Mooney
share principals in
their keytab. The keytab on shinobi shouldn't have host/shogun entries,
and the keytab on shogun shouldn't have host/shinobi entries.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6
-Wl,-h,libkrb5support.so.0
or uses gcc's -Xlinker equivalent.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
Kerberos mailing
as nsswitch.conf on the KDC is right.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
]
and the kvno should match the kvno that you found with getprinc.
Once the keytab is correct on the KDC, the services that you've set up
on the KDC (krb5-telnet, eklogin, etc.) should now work.
Tim
--
Tim Mooney [EMAIL PROTECTED]
Information Technology Services
we get, GSS-API (or
Kerberos) error while initializing kadmin interface.
This may not be related, but have you tried setting
allow_weak_crypto=1
in the libdefaults section of your /etc/krb5.conf on the RHEL6 client?
Tim
--
Tim Mooney moo
propagation when the dump file has changed
from the checksum from the previous dump file.
Tim
--
Tim Mooney moo...@dogbert.cc.nrealm2.nodak.edu
Enterprise Computing Infrastructure 701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541
service;bydefaulttherealmreturned by
krb5_default_local_realm(3) is used.
It's krb5_default_local_realm() that's reading krb5.conf.
Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing Infrastructure 701-231
and it works, but if we were starting over,
these days I'm not certain I would choose the same path. Depending on
your realms, it might be better to use separate VMs or containers,
depending on what you're comfortable with.
Tim
--
Tim Mooney tim.moo
24 matches
Mail list logo