, they are not supported by very old versions of our
GSSAPI implementation (krb5-1.3.1 and earlier). Services running
versions of krb5 without AES support must not be given AES keys in
the KDC database.
--
Dennis Davis dennisda...@fastmail.fm
/how-to-change-the-kerberos-default-ticket-lifetime
may also be useful.
--
Dennis Davis dennisda...@fastmail.fm
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
existing principals.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +44 1225 386101
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +44 1225 386101
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
with
an earlier version of kerberos.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +44 1225 386101
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
on service principals. Just in case we have old user
principals still without +preauth. This shouldn't be the case,
We're just being cautious. So this wrong behaviour in older
software is fine with us.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk
are considered
sensitive.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +44 1225 386101
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
principals if offline-password-attacks are a worry.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +44 1225 386101
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman
which targets the Reply-To address. I also believe
the Sanesecurity anti-phishing signatures at:
http://www.sanesecurity.com/
will defend against some of these attacks.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +44 1225 386101
version of make. But, as usual, I haven't a clue why two
should give this problem and one doesn't.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
Kerberos mailing list Kerberos
\
./plugins/kdb/db2/libdb2/btree \
./plugins/kdb/db2/libdb2/recno \
./plugins/kdb/db2/libdb2/clib
do
(cd $i; make OBJS.ST)
done
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
On Mon, 17 Jul 2006, Ken Raeburn wrote:
From: Ken Raeburn [EMAIL PROTECTED]
To: Dennis Davis [EMAIL PROTECTED]
Cc: kerberos@mit.edu
Date: Mon, 17 Jul 2006 09:06:32 -0400
Subject: Re: Unable to find requested database type
On Jul 17, 2006, at 05:51, Dennis Davis wrote:
As a Quick'N'Dirty
. And sure enough, the generated file:
krb5-1.5/src/include
contains:
/* Define if dlopen should be used */
/* #undef USE_DLOPEN */
As a Quick'N'Dirty fix, can I just alter the above to:
#define USE_DLOPEN 1
after the configuration and just before the build?
--
Dennis Davis, BUCS, University
On Tue, 22 Nov 2005, Turbo Fredriksson wrote:
From: Turbo Fredriksson [EMAIL PROTECTED]
To: kerberos@mit.edu
Date: Tue, 22 Nov 2005 17:30:54 +0100
Subject: Re: that interop mess: ldap, samba, kerberos
Quoting Dennis Davis [EMAIL PROTECTED]:
...
saslauthd certainly isn't buggy
strings.h
#endif
+ #ifdef __OpenBSD__
+ #include stdio.h
+ #endif /* __OpenBSD__ */
+
/*
* errors:
* GSS_S_BAD_NAMETYPE if the type is bogus
Something similar may work for you on FreeBSD. Note that this *is*
a bodge, not a fix.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY
On Thu, 11 Aug 2005, Vladimir Terziev wrote:
From: Vladimir Terziev [EMAIL PROTECTED]
To: Dennis Davis [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], kerberos@mit.edu
Date: Thu, 11 Aug 2005 13:29:04 +0300
Subject: Re: Unable to build 1.4.2 on FreeBSD
This is from import_name.c:
[snip
on an
(obsolete) OpenBSD3.3 system.
My gut feeling (ie I could well be completely wrong) is that the
--disable-thread-support argument to configure isn't being fully
obeyed and some thread support is being picked up. I haven't even
thought about how I'd look into this.
--
Dennis Davis, BUCS
types specified in the System
Administrator's Guide. For example:
addprinc -e rc4-hmac:normal des-cbc-md4:normal ...
(Oh boy, I hope I've got that right. Never used it myself, always
relied on the defaults :-)
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED
On Thu, 3 Feb 2005, Tom Yu wrote:
From: Tom Yu [EMAIL PROTECTED]
To: Dennis Davis [EMAIL PROTECTED]
Cc: Mike Dopheide [EMAIL PROTECTED], kerberos@mit.edu
Date: Thu, 03 Feb 2005 13:15:54 -0500
Subject: Re: KADMIN error
...
Ok, that is very useful information to have. The host-based
]# kadmin
Authenticating as principal userhidden/[EMAIL PROTECTED] with password.
kadmin: Database error! Required KADM5 principal missing while initializing
kadmin interface
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED] Phone: +44 1225 386101
From: Mark Hannessen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Fri, 10 Dec 2004 14:27:30 +0100
I am trying to setup a kerberos v5 only cyrus imap server.
that is: I would like all autherisation to be done by gssapi/kerberos.
...
does anybody have a suggestion where I should look next?
Is
To: sam [EMAIL PROTECTED]
References: [EMAIL PROTECTED]
From: Sam Hartman [EMAIL PROTECTED]
Date: Mon, 01 Dec 2003 08:37:09 -0500
cc: [EMAIL PROTECTED]
Subject: Re: Problem with setting up Kerberos server
sam == sam [EMAIL PROTECTED] writes:
sam Dear all, I don't know how many of you setup
Subject: GSS Server without secret key?
From: Oliver Schoett [EMAIL PROTECTED]
Date: Thu, 06 Nov 2003 12:17:03 +0100
Organization: sdm AG, Muenchen, Germany
To: [EMAIL PROTECTED]
I have been playing with the Sun GSS/Kerberos sample code in
From: Josh Huber [EMAIL PROTECTED]
Newsgroups: gmane.comp.encryption.kerberos.general
Subject: host/*@REALM tickets with ssh, DNS
Reply-To: Josh Huber [EMAIL PROTECTED]
Date: Fri, 09 Aug 2002 11:38:30 -0400
...
I have a few general questions:
1) Here is the output from klist after logging in
24 matches
Mail list logo