Re: NIS => Kerberos/LDAP Migration

2009-06-01 Thread Hubert Chomette
Tue, 19 May 2009 12:03:59 PDT >> To: kerberos@mit.edu >> From:Russ Allbery >> Subject: Re: NIS => Kerberos/LDAP Migration >> >> Marcus Watts writes: >> >>> I'm not sure I understand why >>> Authen::Krb5::Admin >>>

Re: NIS => Kerberos/LDAP Migration

2009-05-19 Thread Marcus Watts
> Date:Tue, 19 May 2009 12:03:59 PDT > To: kerberos@mit.edu > From:Russ Allbery > Subject: Re: NIS => Kerberos/LDAP Migration > > Marcus Watts writes: > > > I'm not sure I understand why > > Authen::Krb5::Admin > > http:

Re: NIS => Kerberos/LDAP Migration

2009-05-19 Thread Russ Allbery
Marcus Watts writes: > I'm not sure I understand why > Authen::Krb5::Admin > http://search.cpan.org/~korty/Authen-Krb5-Admin-0.11/Admin.pm > is a problem. I've run it with various incarnations of MIT 1.4.3 / > 1.6.3 for a while now. Ok, they weren't stock, but I don't remember doing

Re: NIS => Kerberos/LDAP Migration

2009-05-19 Thread Marcus Watts
Russ Allbery writes: ... > > > - make my own pam module using perl to send login/passwd with kadmin > > You'll run into the same problem that the existing PAM module has unless > you run the kadmin command-line client with system(), which is going to > be tricky from an authentication perspe

Re: NIS => Kerberos/LDAP Migration

2009-05-19 Thread Russ Allbery
Hubert Chomette writes: > So If I correctly understand, I've got two choice: > > - migrate my kdc to version 1.7 (I suppose you mean experimental, > cause there is no major differents release between stable ans testing) > / or use heimdal kerberos It's not the KDC that's the issue, just the libr

Re: NIS => Kerberos/LDAP Migration

2009-05-19 Thread Hubert Chomette
So If I correctly understand, I've got two choice: - migrate my kdc to version 1.7 (I suppose you mean experimental, cause there is no major differents release between stable ans testing) / or use heimdal kerberos - make my own pam module using perl to send login/passwd with kadmin Le 18

Re: NIS => Kerberos/LDAP Migration

2009-05-18 Thread Russ Allbery
Hubert Chomette writes: > I try to use pam_krb5_migrate pam module on debian lenny using package > pam-krb5-migrate-heimdal package. > I've see past messages on this subject : > http://www.mail-archive.com/kerberos@mit.edu/msg12701.html > Does this module works with MIT kerberos ? > I try to do,

NIS => Kerberos/LDAP Migration

2009-05-18 Thread Hubert Chomette
Hi I try to use pam_krb5_migrate pam module on debian lenny using package pam-krb5-migrate-heimdal package. I've see past messages on this subject : http://www.mail-archive.com/kerberos@mit.edu/msg12701.html Does this module works with MIT kerberos ? I try to do, but don't succeed. thank's fro

Re: NIS => Kerberos/LDAP Migration

2007-08-15 Thread Russ Allbery
Tim Schaab <[EMAIL PROTECTED]> writes: > Now that problem is solved, another pokes up. The logins hang and > timeout. It looks like the module gets it's ticket from the kdc, but > then hangs tying to talk to kadmin. There is nothing in the kadmin log > about a pam connection attempt at all. It is

Re: NIS => Kerberos/LDAP Migration

2007-08-15 Thread Tim Schaab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Some progress. I removed the krb5_get_policy lines from the pam-krb5-migrate.c file and it compiles and loads into PAM now. Now that problem is solved, another pokes up. The logins hang and timeout. It looks like the module gets it's ticket from the

Re: NIS => Kerberos/LDAP Migration

2007-08-14 Thread Tim Schaab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Douglas E. Engert wrote: > >> When you used the pam_krb5_migrate compiled with Hiemdal, did you also >> use the pam_krb5 compiled with Heimdal? Since both are loaded into the >> same process, there could be lib or context mismatches. > It gives the

Re: NIS => Kerberos/LDAP Migration

2007-08-14 Thread Thomas A. La Porte
Not sure what you mean when you say that pam-krb5-migrate "doesn't work with MIT kerberos." We used it in our infrastructure to do exactly what you are looking to do, and we use MIT Kerberos on Linux. What problems did you run into? -- Tom Thomas A. La Porte, DreamWorks Animation

Re: NIS => Kerberos/LDAP Migration

2007-08-14 Thread Douglas E. Engert
Tim Schaab wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Thomas A. La Porte wrote: >> Not sure what you mean when you say that pam-krb5-migrate "doesn't work >> with MIT kerberos." >> >> We used it in our infrastructure to do exactly what you are looking to >> do, and we use MIT K

Re: NIS => Kerberos/LDAP Migration

2007-08-13 Thread Tim Schaab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas A. La Porte wrote: > Not sure what you mean when you say that pam-krb5-migrate "doesn't work > with MIT kerberos." > > We used it in our infrastructure to do exactly what you are looking to > do, and we use MIT Kerberos on Linux. > > What prob

NIS => Kerberos/LDAP Migration

2007-08-13 Thread Tim Schaab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Howdy, Does anyone have some resources for migrating passwords from NIS to Kerberos? I am working on transitioning our NIS infrastructure to one based on Kerberos and LDAP. We have the NIS=>LDAP portion migrated, but we are stuck on the NIS=>Kerbero