Hi Kronus
You definitely have to use mod_auth_kerb's internal SPNEGO to get it to
work. I spent a lot of time realizing that.
the ok_as_delegate flag is not in kerberos, but it is a very simple
patch. See attacthment.
Med Venlig Hilsen / Kind Regards
Mikkel Kruse
Johnsen
Adm.Dir.
Linet
So If I correctly understand, I've got two choice:
- migrate my kdc to version 1.7 (I suppose you mean experimental,
cause there is no major differents release between stable ans
testing) / or use heimdal kerberos
- make my own pam module using perl to send login/passwd with kadmin
Le 18
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi!
While updating we got a few problems here.
We got a Win 2003AD server as a krb5 auth server and tried to get a
amd64 system with Debian unstable to auth against it.
OpenAFS 1.4.10
openafs-krb5 1.4.10
libkrb5-3 with 1.7 version of krb5
kernel
Lars Schimmer l.schim...@cgv.tugraz.at writes:
Hi!
While updating we got a few problems here.
We got a Win 2003AD server as a krb5 auth server and tried to get a
amd64 system with Debian unstable to auth against it.
OpenAFS 1.4.10
openafs-krb5 1.4.10
libkrb5-3 with 1.7 version of krb5
A correction: ok_as_delegate kadmin support will be in MIT krb5 1.7,
contrary to what I wrote previously.
On Tue, 2009-05-19 at 08:55 +0200, Mikkel Kruse Johnsen wrote:
Hi Kronus
You definitely have to use mod_auth_kerb's internal SPNEGO to get it
to work. I spent a lot of time realizing
Hubert Chomette hubert.chome...@unilim.fr writes:
So If I correctly understand, I've got two choice:
- migrate my kdc to version 1.7 (I suppose you mean experimental,
cause there is no major differents release between stable ans testing)
/ or use heimdal kerberos
It's not the KDC that's the
Russ Allbery r...@stanford.edu writes:
...
- make my own pam module using perl to send login/passwd with kadmin
You'll run into the same problem that the existing PAM module has unless
you run the kadmin command-line client with system(), which is going to
be tricky from an
Marcus Watts m...@umich.edu writes:
I'm not sure I understand why
Authen::Krb5::Admin
http://search.cpan.org/~korty/Authen-Krb5-Admin-0.11/Admin.pm
is a problem. I've run it with various incarnations of MIT 1.4.3 /
1.6.3 for a while now. Ok, they weren't stock, but I don't
* g...@enjellic.com g...@enjellic.com [2009-05-12 10:18]:
The user uses the ~S command to initiate the sequence. The user is
prompted for a password which is used to obtain a TGT which is then
used to obtain a service ticket which is sent over the channel for
authentication. By enforcing a
* Christopher D. Clausen cclau...@acm.org [2009-05-07 16:43]:
pete...@bigfoot.com wrote:
Main reason for not setting NOPASSWD is because I don't have control
over the sudoers file on most of the systems I have access to. And
the SA's are very reluctant to use NOPASSWD.
Do you know about
Date:Tue, 19 May 2009 12:03:59 PDT
To: kerberos@mit.edu
From:Russ Allbery r...@stanford.edu
Subject: Re: NIS = Kerberos/LDAP Migration
Marcus Watts m...@umich.edu writes:
I'm not sure I understand why
Authen::Krb5::Admin
11 matches
Mail list logo