Re: Concealing keys (not even in NSS)

2016-09-20 Thread Michael Ströder
Greg Hudson wrote:
> Is it sufficient for just the master key to be behind a PKCS #11 device, so that the existing database format can be preserved at the cost of letting long-term keys pass through KDC application memory?

IMO yes.

Ciao, Michael.

Re: Concealing keys (not even in NSS)

2016-09-20 Thread Rick van Rein
Hi Greg,

You're as thorough as always :)

> * Ephemeral keys (ticket session keys, initiator and acceptor subkeys) are generated randomly by one party and sent to the other inside an encrypted message. Do we extend the protocol so that these keys can be wrapped in parent keys within the encr

new msktutil release v1.0

2016-09-20 Thread Mark Pröhl
Hi all,

We are pleased to announce version 1.0 of msktutil. Msktutil is a program for interoperability with Active Directory. It creates user or computer accounts in Active Directory, creates Kerberos keytabs on Unix/Linux systems, adds and removes

Using enterprise principal name in GSS-API

2016-09-20 Thread Isaac Boukris
Hi all,

Is there a way to support name canonicalization (like kinit -E) when acquiring creds via gss_acquire_cred_with_password() and gss_acquire_cred_impersonate_name()? The use case is to use userPrincipalName for the client name against AD.

Thanks!

Re: KEYRING:persistent and ssh

2016-09-20 Thread tseegerkrb
Thanks for your help. Is my setup so special (kerberos/OpenLDAP/sssd/sshd) that nobody is using it? I think I will ask debian/ubuntu or the openssh maintainer for help.

On 19.09.2016 18:23, Russ Allbery wrote:
> tseegerkrb writes:
>
>> I think the sshd daemon does not honor the "default_ccache_name" and