KEYRING:persistent and ssh

2016-09-16 Thread t Seeger
Hello, I have a little problem with the 'KRB5CCNAME' environment variable. I set the default_ccache_name to KEYRING:persistent:%{uid} but if I log in it is set to "file:/tmp/krb5cc_${uid}_XX" because ssh sets the KRB5CCNAME to file:/tmp/krb5cc_${uid}_XX... I found a workaround with

Re: KEYRING:persistent and ssh

2016-09-28 Thread t Seeger
> On 27 Sep 2016, at 15:20, Tina Harriott <tina.harriott.m...@gmail.com> wrote: > >> On 16 September 2016 at 16:02, t Seeger <tseeger...@gmail.com> wrote: >> Hello, >> >> I have a little problem with the 'KRB5CCNAME' environment variable. I set >>

Re: kdb5_ldap_util fails, no idea why

2016-11-08 Thread t Seeger
Hello Lars, I corrected a little bug in my script so please use the new version https://wp.tntnet.eu/?p=112 . The bug is only a problem in a multimaster setup, because the keytab is not updated correctly. - Thorsten Sent from my iPhone > On 08.11.2016 at 08:58, t Seeger <t

Re: kdb5_ldap_util fails, no idea why

2016-11-06 Thread t Seeger
Hello, I made an installer script to set up a Kerberos server with LDAP backend. It is for Ubuntu or Debian only. The script is not perfect and for testing, but should guide you in the right direction. You can find it under: https://wp.tntnet.eu/?p=112 Thorsten Sent from my iPhone > On

Re: kdb5_ldap_util fails, no idea why

2016-11-08 Thread t Seeger
Hello, did you create the /etc/krb5kdc/kdc.conf file? The Kerberos container DN is set up there (ldap_kerberos_container_dn). And you need to use 'cn' for the container; this changed some versions ago. [dbmodules] LDAP = { db_library = kldap ldap_kerberos_container_dn =

Re: kdb5_ldap_util fails, no idea why

2016-11-08 Thread t Seeger
uld somehow be stored with the User > and Machine entries, i.e. not in a separate tree. So the idea for GSSAPI > binding of users or machines will be to use authz? > > Thanks for the help, > - lars. > >> On 08.11.2016 at 08:58, t Seeger wrote: >> Hello, >

Re: Master-master deployment?

2019-02-07 Thread t Seeger
Hey Yegui, I have just noticed that the script has a bug and does not run. I uploaded the corrected version (0.13.3). Greetings Thor > On 6. Feb 2019, at 13:56, Yegui Cai wrote: > > Awesome, thanks! > >> On Wed, Feb 6, 2019 at 2:32 AM t Seeger wrote: >> Hey Ye

Re: Master-master deployment?

2019-02-05 Thread t Seeger
to Kerberos. Your script > is definitely helpful. > Thanks a lot! > Yegui > >> On Sat, Feb 2, 2019 at 1:55 PM t Seeger wrote: >> Hey, >> >> my deployment is a multimaster LDAP / Kerberos setup... I made a „Script“ to >> install it on Debian/Ubuntu

Re: Master-master deployment?

2019-02-02 Thread t Seeger
ulti-master KDCs also use >>> multi-master LDAP replication, to avoid the SPOF. >>> >>> -Ben >>> >>>> On Sat, Feb 02, 2019 at 11:12:33AM -0500, Yegui Cai wrote: >>>> Hi Thor. >>>> So you have a shared ldap? If so, could th

Re: Master-master deployment?

2019-02-02 Thread t Seeger
Hey Yegui, I use a multi-master setup. For the sync I use OpenLDAP. Greeting Thor > On 2. Feb 2019, at 15:38, Yegui Cai wrote: > > Hi all. > I know the official document recommends master-slave deployment for > production environment. > Wonder if any try to do a master-master deployment? If