Hi,
I have setup an OpenBSD 7.2 machine running Heimdal 7.7.0 as a Kerberos
server. I then have an NFS Linux server running Arch Linux on another
machine. I then have a FreeBSD NFS client and another Arch Linux NFS
client on other physical hardware (all physical machines on the same LAN
On Sat, 30 Jul 2022, Michael Dinon wrote:
> Is it normal to have a Local Kerberos Realm configured on a brand new
> MacBook?
Wrong mailing list! You must have meant to send the question to
freebsd-questi...@freebsd.org. That is where OS X users congregate.
Cheers,
Predrag
Is it normal to have a Local Kerberos Realm configured on a brand new
MacBook?
--
Kind regards,
Mike
to use Kerberised SSH to perform
some work on one of .mil servers. I opened egress ports kerberos,
klogin, kshell TCP protocol as well as kerberos UDP. After the work is
finished and desktops are "logged out" routing tables (dns) are in a bad
state on the firewall. A simple
pfctl -F a
NERIC.MP#0 octeon
> >
> > The desktops behind the firewall have to use Kerberised SSH to perform
> > some work on one of .mil servers. I opened egress ports kerberos,
> > klogin, kshell TCP protocol as well as kerberos UDP. After the work is
> > finished and desktops a
SSH to perform
> some work on one of .mil servers. I opened egress ports kerberos,
> klogin, kshell TCP protocol as well as kerberos UDP. After the work is
> finished and desktops are "logged out" routing tables (dns) are in a bad
> state on the firewall. A simple
>
GENERIC.MP#0 octeon
The desktops behind the firewall have to use Kerberised SSH to perform
some work on one of .mil servers. I opened egress ports kerberos,
klogin, kshell TCP protocol as well as kerberos UDP. After the work is
finished and desktops are "logged out" routing tables (dns) ar
Hi Misc,
I am using Edgerouter lite as a firewall/DNS cashing resolver for one of
our remote location
ubnt1# uname -mrsv
OpenBSD 6.5 GENERIC.MP#0 octeon
The desktops behind the firewall have to use Kerberised SSH to perform
some work on one of .mil servers. I opened egress ports kerberos
What is/are the alternative(ies) for kerberos on openbsd ? (Since is was
removed from the distribution).
Thanks.
On 09/12/15 15:13, Friedrich Locke wrote:
What is/are the alternative(ies) for kerberos on openbsd ? (Since is was
removed from the distribution).
Thanks.
Don't know if you can compile it, but the commit-remove msg is all time
classic :)
http://marc.info/?l=openbsd-cvs=139816103911227=2
G
On Wed, Dec 09, 2015 at 11:13:40AM -0200, Friedrich Locke wrote:
> What is/are the alternative(ies) for kerberos on openbsd ? (Since is was
> removed from the distribution).
I use kerberos from ports every day with FF. Unfortunatelly
other apps from ports don't have krb flavor so you eithe
On Wed, Dec 09, 2015 at 11:13:40AM -0200, Friedrich Locke wrote:
> What is/are the alternative(ies) for kerberos on openbsd ? (Since is was
> removed from the distribution).
It depends on your exact needs, but there's:
ports/security/heimdal
ports/sysutils/login_krb5
--
Antoine
I am a little outdated, but was heimdal removed from the bsd world or it
was just moved from the base system to the ports collection ?
Thanks.
On 12/09/15 17:45, Friedrich Locke wrote:
> I am a little outdated, but was heimdal removed from the bsd world or it
> was just moved from the base system to the ports collection ?
>
> Thanks.
>
>
Ports
/usr/ports/security/heimdal
Reading current.html, I noticed that KerberosV was removed. I would like
to now why?
Recentely (a year or two), it was update from 0.7 to 1.5
On Thu, May 1, 2014 at 5:09 PM, Rodrigo Mosconi open...@mosconi.mat.br
wrote:
Reading current.html, I noticed that KerberosV was removed. I would like
to now why?
Recentely (a year or two), it was update from 0.7 to 1.5
What was unclear about the commit message?
Log message:
The
2014-05-01 21:14 GMT-03:00 Philip Guenther guent...@gmail.com:
On Thu, May 1, 2014 at 5:09 PM, Rodrigo Mosconi open...@mosconi.mat.br
wrote:
Reading current.html, I noticed that KerberosV was removed. I would like
to now why?
Recentely (a year or two), it was update from 0.7 to 1.5
Reading current.html, I noticed that KerberosV was removed. I would like
to now why?
Recentely (a year or two), it was update from 0.7 to 1.5
It is crap. Eventually we recognize the risk is to high.
Then situations change.
On Tue, Mar 11, 2014 at 09:36:01PM -0300, Friedrich Locke wrote:
Hi folks.
May someone tell me how do i enable gssapi and krb support to sshd/ssh ?
Do you really need GSSAPI or do you just need Kerberos authentication?
If Kerberos auth is enough, you can change login.conf default auth to use
Hi folks.
May someone tell me how do i enable gssapi and krb support to sshd/ssh ?
Thanks in advance.
PS: i am running OBSD 5.4
On Tue, Mar 11, 2014, at 08:36 PM, Friedrich Locke wrote:
Hi folks.
May someone tell me how do i enable gssapi and krb support to sshd/ssh ?
Thanks in advance.
PS: i am running OBSD 5.4
I don't use it myself, but this might help;
May someone tell me how do i enable gssapi and krb support to sshd/ssh ?
Look at diffs to the Makefile in the recent past.
PS: i am running OBSD 5.4
As soon as you enable it, you are not running OpenBSD 5.4. You will
be on your own, and we expect you to understand that.
Or maybe not. :)
but if that's really what you want, I would start with;
http://web.mit.edu/kerberos/
You know there are modern alternatives, right?
You might want to Wiki Kerberos...
On Tue, Mar 11, 2014, at 10:39 PM, Eric Furman wrote:
On Tue, Mar 11, 2014, at 08:36 PM, Friedrich Locke wrote
Hi,
In kerberos(8) man page, the link no longer points to the Kerberos FAQ
page.
Can this link http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
be changed to:
http://www.cmf.nrl.navy.mil/krb/kerberos-faq.html ?
Senthil
On Mon, Nov 11, 2013 at 03:21:19PM -0800, Senthil Kumar M wrote:
In kerberos(8) man page, the link no longer points to the Kerberos FAQ
page.
Can this link http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
be changed to:
http://www.cmf.nrl.navy.mil/krb/kerberos-faq.html ?
Please
Kerberos is disabled per default in SSH now?
Any plans to enable it again?
I would also like to know about this (was a nasty surprise when I couldn't log
into work after a snapshot upgrade!).
Are there also plans to remove this from openssh-portable, or is this just
limited to OpenBSD's ssh
Kerberos is disabled per default in SSH now?
Revision 1.60: download - view: text, markup, annotated - select for diffs
Wed Jun 19 05:27:06 2013 UTC (5 weeks, 5 days ago) by deraadt
Branches: MAIN
Diff to: previous 1.59: preferred, coloured
Changes since revision 1.59: +2 -1 lines
stop doing
Hi,
On Fri, Apr 12, 2013 at 01:06:30PM -0300, Friedrich Locke wrote:
Hi folks,
i am running OBSD 5.2 and i would like to try to connect to a kerberos
server using php.
In the following link http://www.php.net/manual/en/book.kadm5.php in the
requirement section it is stated
On 2013-04-12, Rémi Bougard r...@unicsdev.com wrote:
Hi,
On Fri, Apr 12, 2013 at 01:06:30PM -0300, Friedrich Locke wrote:
Hi folks,
i am running OBSD 5.2 and i would like to try to connect to a kerberos
server using php.
In the following link http://www.php.net/manual/en/book.kadm5.php
Hi folks,
i am running OBSD 5.2 and i would like to try to connect to a kerberos
server using php.
In the following link http://www.php.net/manual/en/book.kadm5.php in the
requirement section it is stated :
No external libraries are needed to build this extension.
OBSD, apache
On Sat, May 07, 2011 at 09:28:48PM -0500, Markus Peloquin wrote:
On Fri, 2011-05-06 at 16:20 +0100, Jason McIntyre wrote:
On Fri, May 06, 2011 at 09:39:48AM -0500, Vijay Sankar wrote:
man 8 kerberos has the following URL
http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
On Sun, May 08, 2011 at 08:26:04AM +0100, Jason McIntyre wrote:
On Sat, May 07, 2011 at 09:28:48PM -0500, Markus Peloquin wrote:
On Fri, 2011-05-06 at 16:20 +0100, Jason McIntyre wrote:
On Fri, May 06, 2011 at 09:39:48AM -0500, Vijay Sankar wrote:
man 8 kerberos has the following URL
On 2011-05-08, Jason McIntyre j...@cava.myzen.co.uk wrote:
On Sat, May 07, 2011 at 09:28:48PM -0500, Markus Peloquin wrote:
On Fri, 2011-05-06 at 16:20 +0100, Jason McIntyre wrote:
On Fri, May 06, 2011 at 09:39:48AM -0500, Vijay Sankar wrote:
man 8 kerberos has the following URL
http
On Fri, 2011-05-06 at 16:20 +0100, Jason McIntyre wrote:
On Fri, May 06, 2011 at 09:39:48AM -0500, Vijay Sankar wrote:
man 8 kerberos has the following URL
http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
It should be http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos
man 8 kerberos has the following URL
http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
It should be http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
--- kerberos.8 Mon May 7 13:04:03 2007
+++ kerberos.8.tmp Fri May 6 09:37:19 2011
@@ -73,7 +73,7 @@
.Pp
For more
On Fri, May 06, 2011 at 09:39:48AM -0500, Vijay Sankar wrote:
man 8 kerberos has the following URL
http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
It should be http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
kerberos docs are maintained by the kerberos (heimdal
$ diff -u -p /usr/src/kerberosV/src/lib/krb5/kerberos.8 kerberos.8
--- /usr/src/kerberosV/src/lib/krb5/kerberos.8 Wed Nov 17 06:53:36 2010
+++ kerberos.8 Wed Nov 17 06:37:52 2010
@@ -73,7 +73,7 @@ without giving your password.
.Pp
For more information on how Kerberos works, and other general
On Wed, Nov 17, 2010 at 07:03:55AM +0100, Tomas Bodzar wrote:
$ diff -u -p /usr/src/kerberosV/src/lib/krb5/kerberos.8 kerberos.8
--- /usr/src/kerberosV/src/lib/krb5/kerberos.8 Wed Nov 17 06:53:36 2010
+++ kerberos.8 Wed Nov 17 06:37:52 2010
@@ -73,7 +73,7 @@ without giving your password
this?
For clients, all of my Kerberos settings are in DNS; there is no krb5.conf.
Here is krb5.conf on the Kerberos server:
Try adding the following into your krb5.conf:
[appdefaults]
kinit = {
afslog = no
}
Or comment the entry in /etc/afs/ThisCell.
--
Antoine
from IPv4:10.0.9.15 for
krbtgt/ualberta...@mokaz.com
2010-10-04T02:40:11 Server not found in database:
krbtgt/ualberta...@mokaz.com: No such entry in the database
Why am I getting these errors? Are they compiled in?
How do I quiet this?
For clients, all of my Kerberos settings are in DNS
Hello,
I'm playing with Kerberos authentification on my box and there
are some problems that I need assistance for.
For the first time I saw a lack of documentation on OpenBSD
(Weel, may be it's time to contribute :-)) regarding authentification.
The FAQ doesn't help much on Kerberos. It just
On Wed, 19 May 2010, Claer wrote:
It seems that the client is trying to get a ticket for the afs client.
AFS is not enabled on my BSD box and I don't need it. The only reference
I found on UALBERTA.CA is /etc/afs/ThisCell. Is there a way to
disable this behavior?
Yes.
[appdefaults]
On Wed, May 19 2010 at 17:11, Antoine Jacoutot wrote:
On Wed, 19 May 2010, Claer wrote:
It seems that the client is trying to get a ticket for the afs client.
AFS is not enabled on my BSD box and I don't need it. The only reference
I found on UALBERTA.CA is /etc/afs/ThisCell. Is there a way
to
disable this behavior?
Yes.
[appdefaults]
kinit = {
afslog = no
}
Continuing to play with Kerberos, I'm adding ypldap into play.
This time, I'd like to use ldap to add entries to getent passwd
and Kerberos for authentification (I'd like to avoid
-or-pwd,passwd:
But, when I try to ssh in with -l claer, sshd doesn't seem to find
the claer passwd entry and I have this line on the kerberos server :
May 19 17:18:46 diogene krb5kdc[18818](info): AS_REQ (8 etypes {18 17 16 5 23
3 2 1}) 172.16.1.1: CLIENT_NOT_FOUND: nou...@claer.hammock.fr
been modified regarding auth entry :
auth-defaults:auth=krb5-or-pwd,passwd:
But, when I try to ssh in with -l claer, sshd doesn't seem to find
the claer passwd entry and I have this line on the kerberos server :
May 19 17:18:46 diogene krb5kdc[18818](info): AS_REQ (8 etypes {18 17 16 5
Am 19.05.2010 20:52, schrieb Claer:
However, on the kerberos server side, no request have been made to the
claer account :
May 19 20:44:56 diogene krb5kdc[18818](info): AS_REQ (8 etypes {18 17 16 5 23 3
2 1}) 172.16.1.1: CLIENT_NOT_FOUND: nou...@claer.hammock.fr for
krbtgt/claer.hammock
On Wed, May 19 2010 at 14:21, Enrico Scichilone wrote:
Am 19.05.2010 20:52, schrieb Claer:
However, on the kerberos server side, no request have been made to the
claer account :
May 19 20:44:56 diogene krb5kdc[18818](info): AS_REQ (8 etypes {18 17 16 5
23 3 2 1}) 172.16.1.1: CLIENT_NOT_FOUND
On 9/5/09, Edho P Arief edhopr...@gmail.com wrote:
3Mhz was a typo. Should have been Ghz.
In my world it's not a big deal even for healthy in informal writing.
On 9/4/09, Joachim Schipper joac...@joachimschipper.nl wrote:
I'm inclined to question your should,
My intention is just to give a try to Kerberos. If a few lines of
elaboration is not too inconvenient to you, It would be great to read
it.
Do note that FTP is pretty much a relic.
The single
On Sat, Sep 05, 2009 at 07:43:04PM +0200, soko.tica wrote:
On 9/4/09, Joachim Schipper joac...@joachimschipper.nl wrote:
I'm inclined to question your should,
My intention is just to give a try to Kerberos. If a few lines of
elaboration is not too inconvenient to you, It would be great
On Thu, Sep 03, 2009 at 12:56:41PM +0200, soko.tica wrote:
Hello list,
I am setting up a mini network for myself, but trying to imitate a
full-fledged network with all servers required, everything on i386
architecture. Everything will run on 4.5 stable.
Since Squid and Kerberos should
, everything on i386
architecture. Everything will run on 4.5 stable.
Since Squid and Kerberos should be deployed, and I haven't worked with
any of them, could anyone tell me which of them consumes more CPU
power? I have two i386 boxes available, 3.00Mhz 512 Mb RAM and celeron
2.88Mhz 750Mb RAM
Hello list,
I am setting up a mini network for myself, but trying to imitate a
full-fledged network with all servers required, everything on i386
architecture. Everything will run on 4.5 stable.
Since Squid and Kerberos should be deployed, and I haven't worked with
any of them, could anyone tell
On Thu, Sep 3, 2009 at 5:56 PM, soko.ticasoko.t...@gmail.com wrote:
Hello list,
I am setting up a mini network for myself, but trying to imitate a
full-fledged network with all servers required, everything on i386
architecture. Everything will run on 4.5 stable.
Since Squid and Kerberos
Hello all!
Installing pgsql server for the first time, I get stuck on this (which
is a part of the /usr/local/share/doc/postgresql/README.OpenBSD)
ktutil -k /etc/postgresql/krb5.keytab get postgres/server.domain
ktutil: connect(kerberos.mydomain): Connection timed out
ktutil:
On Mon, 2008-04-07 at 20:48 -0700, Clint Pachl wrote:
Is the ~/.k5user file supported in OpenBSD's Heimdal implementation? I'm
...
BTW, what is /root/.klogin? Is it for kerberos 4? It doesn't have a man
Yes, it is (was) for krb4.
[demime 1.01d removed an attachment of type application/pgp
Is the ~/.k5user file supported in OpenBSD's Heimdal implementation? I'm
running OBSD 4.1.
kadmin list *
root
pachl
default
root/root
pachl/root
pachl/admin
kadmin/admin
kadmin/hprop
kadmin/changepw
krbtgt/MOKAZ.COM
changepw/kerberos
host/htx.mokaz.com
host/kerberos.mokaz.com
host
Dear folks,
i am losing my hear. I am in need to get a gentoo linux desktop (note:
running garbage stuff like linux is not my choice but a user
requirement) to authenticate through kerberos. For now i could do it
only on console tty and sshd server. But when i try to auth in the
local xdm/gdm
My previous message was probably a bit dense, so I'll try my best to get right
to the point.
kerberos kinit was failing, giving me the error incorrect net address
The kdc.log file indicated that the request was coming from ::1 (the IPv6
loopback,
is that right?)
After much looking, I found
On Tue, 03 Jul 2007 03:39:51 +
Douglas Maus [EMAIL PROTECTED] wrote:
Could someone help me understand IP addresses, DNS, and
Kerberos on OpenBSD?
I was getting incorrect net address when trying to kinit,
and I found that switching 2 lines in /etc/hosts
putting first
10.0.1.201
Could someone help me understand IP addresses, DNS, and
Kerberos on OpenBSD?
I was getting incorrect net address when trying to kinit,
and I found that switching 2 lines in /etc/hosts
putting first
10.0.1.201 auth.my.realm auth
before
::1 auth.my.realm auth
fixed this, but I don't understand
Hello all, I'm having a problem setting up kerberos on an OpenBSD
system. Please advise as you can.
Thanks!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
LEGEND (names changed for security)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
kdc = linux box, kdc and kerberos admin server
krbc1 = krb5 client
[EMAIL PROTECTED] wrote:
Hello all, I'm having a problem setting up kerberos on an OpenBSD
system. Please advise as you can.
...8...
I then tried kadmin on krbc2, which doesn't work. It doesn't even bother
with trying to get to the admin server. It just gives me a prompt
'kadmin'. Perhaps
On 05/06/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Hello all, I'm having a problem setting up kerberos on an OpenBSD
system. Please advise as you can.
Thanks!
In my research about Kerberos I encountered statements that Heimdal
(what is in OpenBSD) and MIT (what seems to be the most
-Original Message-
From: Janne Johansson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 11:09 AM
To: David Rogal
Cc: misc@openbsd.org
Subject: Re: OpenBSD and Kerberos Client
[EMAIL PROTECTED] wrote:
Hello all, I'm having a problem setting up kerberos on an OpenBSD
system
. A
'catch 22' which makes OpenBSD unusable for us in this circumstance.
Perhaps this is an incentive for Heimdal developers to get kadmin to
work with MIT Kerberos. That would help increase its userbase.
perhaps a better place for a thread like this is on heimdal-discuss?
love and company
[EMAIL PROTECTED] wrote:
-Original Message-
From: Janne Johansson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 11:09 AM
To: David Rogal
Cc: misc@openbsd.org
Subject: Re: OpenBSD and Kerberos Client
[EMAIL PROTECTED] wrote:
Hello all, I'm having a problem setting up kerberos
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 12:53 PM
To: David Rogal
Cc: misc@openbsd.org
Subject: Re: OpenBSD and Kerberos Client
Might I suggest you try this from the OBSD box:
/usr/sbin/ktutil -k /etc/kerberosV/krb5.keytab get \
-p myname/[EMAIL PROTECTED] host/[EMAIL PROTECTED
servers here, so if heimdal can talk to Bill-kerberos, it should
manage MIT too. ;)
Signal to Noise ratio high in your last post.
You think you trim some of the fat from your e-mails in your future posts?
In your last e-mail you had a 4 line replay and 30 lines telling me how to
locate you, get in touch with you via snail mail, tele, FAX and e-mail.
Also, it was apparent the
-Original Message-
From: Janne Johansson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 1:56 PM
To: David Rogal
Cc: misc@openbsd.org
Subject: Re: OpenBSD and Kerberos Client
[EMAIL PROTECTED] wrote:
Might I suggest you try this from the OBSD box:
/usr/sbin/ktutil -k /etc
On Tuesday 05 June 2007 14:59:07 [EMAIL PROTECTED] wrote:
Any chance you could help write up some documentation? Kerberos on
OpenBSD doesn't really have any good docs that I could find. Maybe I
could then retry this effort in the future. For expediency though, I
will have to reinstall
On Tue, Jun 05, 2007 at 01:59:07PM +0100, [EMAIL PROTECTED] wrote:
Any chance you could help write up some documentation? Kerberos on
OpenBSD doesn't really have any good docs that I could find. Maybe
I could then retry this effort in the future. For expediency
though, I will have to reinstall
[EMAIL PROTECTED] wrote:
Perhaps, but I think you will have to take it on the heimdal lists,
I'm fairly sure it does interoprate with various kinds of krb5
implementations, not just the MIT one. We make the AD hang of our
heimdal servers here, so if heimdal can talk to Bill-kerberos,
it should
On Tuesday 05 June 2007 07:59, [EMAIL PROTECTED] wrote:
Any chance you could help write up some documentation? Kerberos on
OpenBSD doesn't really have any good docs that I could find. Maybe I
could then retry this effort in the future. For expediency though, I
will have to reinstall
On 05/06/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
I've also found some people complaining that keytabs created on a
different server than the one in which they are meant for do not work
very well.
In my small amount of testing/playing with it I had a keytab generated
on FreeBSD server
This must be another troll wandering in the Docklands area.
Signal to Noise ratio high in your last post.
You think you trim some of the fat from your e-mails in your future posts?
In your last e-mail you had a 4 line replay and 30 lines telling me how to
locate you, get in touch with you
[EMAIL PROTECTED] wrote:
please consider the environment before printing this e-mail.
aha, that's why we can only get an 8A feed at Harbour Exchange,
the power is used up for .sig transmission (-:
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Diana Eichert
Sent: Tuesday, June 05, 2007 1:55 PM
To: misc@openbsd.org
Subject: Re: OpenBSD and Kerberos Client
Signal to Noise ratio high in your last post.
You think you trim some of the fat from your
On Tue, Jun 05, 2007 at 03:16:06PM +0100, [EMAIL PROTECTED] wrote:
I don't have the audacity to do anything. The email signature is
defined through company policy and tacked on by the M$ Exchange
Server on the way out. I have no say and only see it when I get
replies to my email.
Have you
Maybe he is trying to impress anyone, specially UK-based openbsd misc
subscribers, in a
meditative way possible that he works for a company in the Docklands?
Saying that configuring this is better and easier than Redhat Linux has no
place in
the OpenBSD mailing lists.
On Tue, Jun 05, 2007 at
On Tue, 5 Jun 2007, [EMAIL PROTECTED] wrote:
I don't have the audacity to do anything. The email signature is defined
through company policy and tacked on by the M$ Exchange Server on the
way out. I have no say and only see it when I get replies to my email.
But, I'm glad that you appreciate
[EMAIL PROTECTED] wrote:
I don't have the audacity to do anything. The email signature is defined
through company policy and tacked on by the M$ Exchange Server on the
way out. I have no say and only see it when I get replies to my email.
If your company insists on such stupid policies you
Diana Eichert [EMAIL PROTECTED] writes:
Another poster had a suggestion you might take to heart, get a free
e-mail account somewhere which you can control. It's actually a great
suggestion,
I second that. Not only do you then get to speak as *yourself*, if
you set things up right you also
On Mon, Mar 12, 2007 at 08:27:46PM -0300, Gustavo Rios wrote:
I would like to prevent password authentication for users that does
not have a valid /etc/passwd password entry. It that possible?
My current configuration retrieves the kerberos server login password!
How could it be done
I would like to prevent password authentication for users that does
not have a valid /etc/passwd password entry. It that possible?
My current configuration retrieves the kerberos server login password!
How could it be done?
thanks in advance.
From: [EMAIL PROTECTED]
you may have to fish online for some of the option
descriptions since stuff like
correct_des3_mic aren't in the manpage for krb5.conf. is
there any plan to
update the manpage with these missing options?
Nope. gssapi(3) has that and more.
DS
Original message
Date: Sat, 15 Jul 2006 23:18:53 -0300
From: Gustavo Rios [EMAIL PROTECTED]
Subject: Kerberos
To: misc@openbsd.org
Well, here i am again.
I was expecting that the granted ticket always hold the address to
which it is valid. After obtaining a ticket by means of kinit
Well, here i am again.
I was expecting that the granted ticket always hold the address to
which it is valid. After obtaining a ticket by means of kinit, i got
the following:
$ kinit
[EMAIL PROTECTED]'s Password:
$ klist -v
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: [EMAIL
On Sun, 2006-07-09 at 18:58 -0500, Jacob Yocom-Piatt wrote:
any advice would be appreciated. i suspect that this is some issue related to
the KDC runnning current and the other machines being on 3.9 release.
this shouldn't matter as the language heimdal speaks is the same,
for the most part as
to, if possible,
turn up the kerberos
log level.
any advice would be appreciated. i suspect that this is some
issue related to
the KDC runnning current and the other machines being on 3.9 release.
I ran into similar failures between versions of OpenBSD (KDC running current
and older releases
of the problem is, I hate fixing something blindly without knowing
why it's fixed.
this has fixed most of the problems, except i can't ssh out from the KDC using
kerberos auth. messing with broken_des3_mic = host/[EMAIL PROTECTED] will
probably fix
that, haven't tried it yet.
i think this reflects
From: [EMAIL PROTECTED]
Assuming this works for you, I'd be interested in knowing
what the exact
nature of the problem is, I hate fixing something blindly
without knowing
why it's fixed.
this has fixed most of the problems, except i can't ssh out
from the KDC using
kerberos auth
kerberos is setup to authenticate ssh sessions on my local network. it works
fine to and from all the machines on the network except for the KDC itself.
kerberos auth fails when sshing to or from the KDC. the logs of these failures
from /var/heimdal/kdc.log, /var/log/authlog and ssh -vvv outputs
hi list,
i try to build the samba ldap port with kerberos support. i have added
the --with-ads --with-krb5 options to the Makefile. but the configure
script reported:
checking whether LDAP support is used... yes
checking for Active Directory and krb5 support... no
maybe the missing krb5-config
wrote:
hi list,
i try to build the samba ldap port with kerberos support. i have added
the --with-ads --with-krb5 options to the Makefile. but the configure
script reported:
checking whether LDAP support is used... yes
checking for Active Directory and krb5 support... no
maybe the missing
please try the version from ftp.sernet.de there is also heimdal
for krb support with samba.
Thomas
Am Dienstag, den 06.06.2006, 17:06 +0200 schrieb Thomas Schoeller:
hi list,
i try to build the samba ldap port with kerberos support. i have added
the --with-ads --with-krb5 options
Good day,
I am trying to set up a network with OpenBSD 3.9 as core of a single
sign-on solution using Kerberos5 authentication, OpenLDAP as the
directory service, with Samba serving Windows clients. I followed the
steps in info heimdal and can get tickets. I then set up OpenLDAP,
added the
i've got a single kerberos server for 2 realms with most of the configuration i
want. there are a few things i still need clarification on:
(1) cross-realm authentication; this is discussed in the info page for heimdal
where the following is printed:
For a two way trust between MY.REALM
100 matches
Mail list logo