Re: [OpenAFS] How to replace pam_krb5 on RHEL 8 systems

2022-07-11 Thread Carson Gaspar
This is a Red Hat patch: openssh-7.7p1-gssapi-new-unique.patch On 7/11/2022 12:26 PM, Dirk Heinrichs wrote: Dave Botsch: Maybe it's not in newer release of openssh? Nope. Also looked up Debian Stretch's man page for OpenSSH 7.9. Doesn't have it. See

Re: [OpenAFS] How to replace pam_krb5 on RHEL 8 systems

2022-07-08 Thread Carson Gaspar
On 7/8/2022 6:57 AM, Jeffrey E Altman wrote: Use of the RHEL7 pam_krb5 on a sssd enabled system will do the wrong thing since it's going to step on the toes of sssd's Kerberos ticket processing. Only if you let sssd touch Kerberos. There are any number of reasons not to let it do so (no

Re: [OpenAFS] Redux: Linux: systemctl --user vs. AFS

2021-08-13 Thread Carson Gaspar
On 8/13/2021 11:01 AM, Dirk Heinrichs wrote: Tried the setup right away on Debian, but it doesn't work. Seems Debian adds some random string to the cache name, even if it's set to KEYRING: % LC_ALL=C klist|head -1 Ticket cache: KEYRING:persistent:1000:krb_ccache_inOQJ0u This may

Re: [OpenAFS] Re: mtu problem

2013-02-07 Thread Carson Gaspar
On 2/7/13 8:36 AM, Antony Mayi wrote: modern tcp/ip stack is setting Don'tFragment flag by default so oversized packets are always dropped (relevant ICMP should be sent back for PMTU discovery to kick in though which is not happening in my case). ... yes, I meant adjusting client interface

Re: [OpenAFS] Re: Failure to build OpenAFS 1.6.1a

2012-10-09 Thread Carson Gaspar
On 10/9/12 10:23 AM, Russ Allbery wrote: Unfortunately, this is to some extent an unavoidable limitation in the way that one specifies paths to a compiler. There isn't any way to portably pass in a -L flag that applies only to a specific -l flag but not to any other, so if you have multiple

Re: [OpenAFS] Swedish characters in AFS, files created in Windows cannot be used in Mac OS X

2012-05-22 Thread Carson Gaspar
[ UTF8 normalization hell discussion elided ] I'm not recommending a solution, but I figured the Solaris ZFS behaviour might be informative. Here is the man page excerpt for the 2 options that control how the filesystem treats filenames: normalization = none | formC | formD | formKC |

Re: [OpenAFS] OpenAFS krb5 auth problems

2011-02-20 Thread Carson Gaspar
is a foreign principal to the cell. On 2/19/2011 6:15 PM, Carson Gaspar wrote: I'm having issues setting up a new cell with krb5 auth - openafs 1.4.14, RHEL6. I have a nasty suspicion that all of this is being caused by an AFS keytab with the wrong salt, but as I'm not the one generating the keytab, I can't

[OpenAFS] OpenAFS krb5 auth problems

2011-02-19 Thread Carson Gaspar
I'm having issues setting up a new cell with krb5 auth - openafs 1.4.14, RHEL6. I have a nasty suspicion that all of this is being caused by an AFS keytab with the wrong salt, but as I'm not the one generating the keytab, I can't prove it. Below is all the debugging info I think might be

Re: [OpenAFS] Re: OpenAFS 1.4.12.1 panic on shutdown on Solaris 10 U8 x86

2010-09-25 Thread Carson Gaspar
On 9/25/10 5:00 AM, Derrick Brashear wrote: On Sat, Sep 25, 2010 at 5:51 AM, Andrew Deason adea...@sinenomine.net wrote: It is known that you can't stop the client on Solaris on a running system. (I think it's maybe only the linux and windows clients that you can stop?) In the 1.5/1.6

[OpenAFS] OpenAFS 1.4.12.1 panic on shutdown on Solaris 10 U8 x86

2010-09-24 Thread Carson Gaspar
I'm seeing a panic when stopping afs on my Sol 10 U8 x86 box. Anyone have a clue, or want more debug info? This happens consistently, and I'm happy to test code fixes. From the console: afs: WARM afs: shutting down of: CB... afs: afs... afs: BkG... afs: CTrunc... afs: AFSDB... afs: RxEvent...

Re: [OpenAFS] the mac quandry with 2 realms

2010-07-14 Thread Carson Gaspar
David Bear wrote: We have an issue that we haven't found a good solution for on mac osX. We have BOTH a kerberos realm called 'asu.edu', and an active directory domain called asurite. Our afs identities are all in the asu.edu realm. We also have cifs space that

[OpenAFS] Re: [OpenAFS-announce] OpenAFS on Red Had Enterprise Linux 6

2010-04-24 Thread Carson Gaspar
Marc Dionne wrote: Red Hat has recently announced the availability of a beta version of its next Red Hat Enterprise Linux release (RHEL6). While OpenAFS is functional with this release, it generates a large volume of messages in the system log when used with a disk cache. ... If you have a

Re: [OpenAFS] significant delay for afs user to login as root via su

2010-03-18 Thread Carson Gaspar
David S. Goldberg wrote: - Assuming you're using ssh (I am guessing that you are), convince sshd to write your Xauthority information somewhere else, like a file in /tmp (and make sure your XAUTHORITY environment variable is correct). I would guess this is possible, but I don't know if

Re: [OpenAFS] significant delay for afs user to login as root via su

2010-03-18 Thread Carson Gaspar
Carson Gaspar wrote: else # X11UseLocalhost=no echo add $DISPLAY $proto $cookie fi | /usr/X11/bin/xauth -q - 12 fi You'll also need to change the xauth path to match your local machine, or set PATH, or use the prayer method that xauth is in your default PATH

Re: [OpenAFS] Windows XP OpenAFS 1.5.66 UNC paths not working

2009-11-24 Thread Carson Gaspar
Lars Schimmer wrote: There are sites which could NOT apply the DNS SRV entries as of policy of the DNS server owner :-( But so far the 1.5.66 (windows) release does work with AFSDB only for us (means: with only CellservDB file). AFSDB != CellServDB. AFSDB are the old style DNS records. --

Re: [OpenAFS] Network becomes terribly slow when cache manager flushes updates over xDSL

2009-07-08 Thread Carson Gaspar
Sean O'Malley wrote: -icmp shouldn't be used. Some BOFH block/drop icmp. ... -is there a standard way to do UDP mtu link detection on any platform already? The standard is ICMP WOULD FRAGMENT. People who block that don't deserve functional apps. Don't cater to them. -- Carson

Re: [OpenAFS] Network becomes terribly slow when cache manager flushes updates over xDSL

2009-07-08 Thread Carson Gaspar
Mattias Pantzare wrote: On Wed, Jul 8, 2009 at 19:06, Carson Gaspar car...@taltos.org wrote: Sean O'Malley wrote: -icmp shouldn't be used. Some BOFH block/drop icmp. ... -is there a standard way to do UDP mtu link detection on any platform already? The standard is ICMP WOULD FRAGMENT.

Re: [OpenAFS] Network becomes terribly slow when cache manager flushes updates over xDSL

2009-07-08 Thread Carson Gaspar
Derrick Brashear wrote: On Wed, Jul 8, 2009 at 1:06 PM, Carson Gaspar car...@taltos.org wrote: Sean O'Malley wrote: -icmp shouldn't be used. Some BOFH block/drop icmp. ... -is there a standard way to do UDP mtu link detection on any platform already? The standard is ICMP WOULD FRAGMENT.

Re: [OpenAFS] MTU size -- don't set using both -maxmtu and ifconfig, at least under Solaris 9

2009-04-21 Thread Carson Gaspar
Kim Kimball wrote: Cause: fileserver -maxmtu 1260 ifconfig bge0 mtu 1260 This may be immediately obvious to others, but it was the last place I looked. Once I reset the bge0 interface to mtu 1500 everything started working. I can't say I understand the interaction, but thought mentioning

Re: [OpenAFS] user-visible change suggestion for fs setacl

2008-12-17 Thread Carson Gaspar
FYI, as folks have talked about the benefits of being chmod-like, the Solaris chmod ACL syntax is (ignoring the indexed options): A- Remove all ACEs, replace with equivalent of file mode A-${ACLSPEC}Remove ACEs specified by ${ACLSPEC} A=${ACLSPEC}Replace the entire ACL with

Re: [OpenAFS] RHEL5 kmod packages require explicit kernel version?

2007-11-06 Thread Carson Gaspar
David Howells wrote: [EMAIL PROTECTED] wrote: I realize that the workaround is probably to install openafs-kernel-source, which seems to satisfy the requirements of openafs-client, but is it necessary for the kmod packages to require a kernel version? While it's true that the kmod won't work

Re: [OpenAFS] Strange access problems on one client

2007-10-11 Thread Carson Gaspar
Hans-Werner Paulsen wrote: On Sun, Oct 07, 2007 at 01:15:00PM -0400, Marc Dionne wrote: +else if (hval = 131) this patch is fine for architectures where the size of unsigned long is 4 bytes. But on the x86_64 architecture this will not work, because the size is 8 bytes. One can use

[OpenAFS] com_err hell (WAS: asetkey: failed to set key, code 70354694)

2007-04-10 Thread Carson Gaspar
Re: the whole com_err mess... If AFS has an incompatible implementation, why not just rename the exported functions / vars and get it over with? This should be no more than a day's work, and would solve the problem very nicely. Or am I missing something? -- Carson

Re: [OpenAFS] openafs w/ amd64 kernel and 32bit user space

2007-03-26 Thread Carson Gaspar
Sean O'Malley wrote: On Fri, 23 Mar 2007, Carson Gaspar wrote: And sadly many user-land pieces still are not 64-bit clean. I know that I've had to fall back to 32-bit mode for several apps on my Solaris x86 server, as I didn't have the time energy to fix the crappy source. I ran

Re: [OpenAFS] openafs w/ amd64 kernel and 32bit user space

2007-03-23 Thread Carson Gaspar
Chaskiel M Grundman wrote: --On Friday, March 23, 2007 12:33:42 PM -0400 Christopher Allen Wing [EMAIL PROTECTED] wrote: Yes, this works; however, why do you want to use 32-bit user space? Not that I know ken's reasoning, but here's why I would do so: Because I already have a managed

Re: [OpenAFS] Solaris 10 11/06 afs 1.4.2 pam module panic.

2006-12-19 Thread Carson Gaspar
Dale Ghent wrote: See the following: http://www.opensolaris.org/jive/thread.jspa?threadID=20472tstart=0 From the above referenced thread: meem wrote: Is there a reason they're not using crsetugid() (see ddi_cred(9F)) to do this? Seems like if they had, everything would've worked fine.

Re: [OpenAFS] openafs-1.4.2 RHEL RPM package installs nonempty SuidCells and mangles CellServDB

2006-11-17 Thread Carson Gaspar
Derek Atkins wrote: The RPM will combine /usr/vice/etc/CellServDB.local with /usr/vice/etc/CellServDB.dist into /usr/vice/etc/CellServDB. If you have local changes you want to make to the CellServDB then put them into CellServDB.local and the RPM will include them in the new CellServDB. This is

Re: [OpenAFS] openafs-1.4.2 RHEL RPM package installs nonempty SuidCells and mangles CellServDB

2006-11-17 Thread Carson Gaspar
Derek Atkins wrote: Derrick J Brashear [EMAIL PROTECTED] writes: However, the thing that may make sense is a package which does not munge configuration which conflicts with the regular package but can be installed in place of it, to address this issue. I'm unsure how we could handle

Re: [OpenAFS] Re: testing RPMs for 1.4.2

2006-10-14 Thread Carson Gaspar
--On Friday, October 13, 2006 10:55 PM +0200 Axel Thimm [EMAIL PROTECTED] wrote: firewalled environment not offering any exposure to the net. But openafs is about (non-local) networking, so especially for openafs you should harden your systems even more. Keeping the kernel free of

Re: [OpenAFS] namei interface lockf buggy on Solaris (and probably HP-UX and AIX)

2006-09-11 Thread Carson Gaspar
--On Monday, September 11, 2006 1:04 PM +0200 Rainer Toebbicke [EMAIL PROTECTED] wrote: Right, only that for a correct flock() emulation you'd also have to hold the necessary locks to prevent another thread from seeking away between the two calls... ideally something that is independent of the

[OpenAFS] dynroot and localcell

2005-11-04 Thread Carson Gaspar
the machines to not hang at boot if the network is b0rked... If it matters, this is using 1.4.0 on RHEL4U2. [ please CC me on replies - the mail server doesn't want to process subscription requests right now... ] -- Carson Gaspar