Description:
The Kerberos authentication server.
kerberos and selinux
I run with SELinux enabled, and krb5kdc and kadmin both want read access to /etc/pki/tls on startup. I'm using ldaps as the protocol for talking to slapd, is this why? This is on CentOS 5, which I know is a bit old.
My KDC and kadmin work fine without allowing this access, and there's nothing in krb5kdc.log or kadmind.log, just the AVCs in audit.log....

Leverage Kerberos/Wallet for non-interactive SSH and script execution
Hi,
I'd like to leverage our Kerberos (and Wallet) infrastructure to enable non-interactive SSH/SCP between two servers for a given user. Is this possible? Using MIT Kerberos 1.10 on Ubuntu 12.04 everywhere, currently still with Wallet from prior to 1.0 (but after 0.12).
The scenario is this: We have a Jenkins build server (build01) and an...

Options for enforcing password policies
Hi everyone,
What options are available for enforcing password policies for an MIT Kerberos realm?
The password policies would:
* passwords must be a minimum length
* passwords must contain at least one upper case letter, lowercase letter, number, and a special character.
* passwords may not contain certain characters, like unicode or some ASCII characters...

Crash while freeing data.
Hi,
I am using Kerberos 1.11.2 for development. While using the pkinit option for certificate implementation, I observed a crash.
Steps followed:
Set pkinit details using
krb5_get_init_creds_opt_set_pa -- set anchor and identity options.
krb5_get_init_creds_password - with password as empty since in certificate password will not be supplied and password prompter as NULL and other details as mentioned in the documentation....

Multiple realms served by single kadmind
Hello
Is it possible to serve several realms from a single kadmind process? With the krb5kdc process it's as simple as specifying multiple -r
REALM flags on the command line?
I have a server that needs to support 4 separate realms and the kdc is
working fine but whenever users try to change their passwords they get:...

Help in incorporating PKINIT
Hi,
Starting new e-mail since felt that old e-mail was containing too much info (not clear one).
I am using the MIT Kerberos client APIs to develop a Kerberos client for a system.
1. Use custom named conf file for storing the realm, libdefaults etc this file once information is written is set to the ...

Kerberos FTP ticket filename
Hi all,
I am having a problem here with the FTP authentication using Kerberos.
What is happening is that when I connect from host_A to host_B using ftp,
the acquired ticket (in host_B) is being stored as "/tmp/krb5cc_503_z2fgka".
I also had this problem in SSH logins, and it seems to be related to a...

Incorrect delegation state shown on acceptor side by context flags
Hi,
It seems there is a bug in MIT kerberos gss source code where the
delegation state is set in context flags on acceptor side.
I am using a keytab on server side to acquire credentials with in memory
credential cache : *cred->usage == GSS_C_BOTH*
Client has *delegation flag set to false* but has a *forwardable TGT*....

Need help with PKINIT
Hi,
Adding more information to the previous e-mail thread.
In the conf file following information is stored.
pkinit_anchors = FILE:<path>/cacert.pem
pkinit_identity = FILE:<path>/client.pem,<path>/clientkey.pem
When this was tested and same was captured in the wireshark it has AS_REQ messages not PA-PK-AS-REQ...