search for: addressless

(was: "Re: Pending OpenSSH release, call for testing", topic drift at its finest :-) Markus Moeller wrote: > Douglas, > > OK three possible settings(hostname,connection IP,GSS_C_NO_NAME) are fine for me too. Does GSS_C_NO_NAME relate to this bug (addressless tickets)? http://bugzilla.mindrot.org/show_bug.cgi?id=488 BTW, I opened a bug the the multihomed thing a couple of days ago: http://bugzilla.mindrot.org/show_bug.cgi?id=928 -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good ju...

...4DOM.TEST at S4DOM.TEST Client: user09999 at S4DOM.TEST Ticket etype: arcfour-hmac-md5, kvno 1 Session key: aes256-cts-hmac-sha1-96 Ticket length: 1074 Auth time: Aug 19 07:53:10 2015 End time: Aug 19 17:53:04 2015 Ticket flags: enc-pa-rep, pre-authent, initial, proxiable, forwardable Addresses: addressless Is there something like a "domain password/secret" that I need to reset too in order to get aes encryption for everything? If so, how do I do that? I also cross-checked this with our windows AD (same client) and I get an AES only ticket/key: <...> Ticket etype: aes256-cts-hmac-...

Hi, I'm adding a few DNS RR's using samba-tool. I've tried to use kerberos but I don't know that to append after -k, I mean: samba-tool dns add 192.168.50.40 ejemplo.com samba4 A 192.168.50.40 -k "something" No clue after something, I've tried with Kerberos, KERBEROS, EXAMPLE.COM Is it that possible? Thanks in advance -- -- Sergio Belkin LPIC-2 Certified -

...r09999 at S4DOM.TEST > Ticket etype: arcfour-hmac-md5, kvno 1 > Session key: aes256-cts-hmac-sha1-96 > Ticket length: 1074 > Auth time: Aug 19 07:53:10 2015 > End time: Aug 19 17:53:04 2015 > Ticket flags: enc-pa-rep, pre-authent, initial, proxiable, forwardable > Addresses: addressless > > Is there something like a "domain password/secret" that I need to reset too in order to get aes encryption for everything? > > If so, how do I do that? > > I also cross-checked this with our windows AD (same client) and I get an AES only ticket/key: > > <.....

...r: krbtgt/EXAMPLE.COM at EXAMPLE.COM > Client: Administrator at EXAMPLE.COM > Ticket etype: aes256-cts-hmac-sha1-96, kvno 1 > Ticket length: 1132 > Auth time: Aug 21 16:12:43 2018 > End time: Aug 22 02:12:43 2018 > Ticket flags: pre-authent, initial, forwardable > Addresses: addressless > > > If I omit "-k yes" it prompts for the password, and works but I'd > like to do the same with kerberos. > > Am I doing something wrong? > > Thanks in advance The syntax is 'samba-tool dns zonelist <server>' not 'samba-tool dns zoneli...

...|WONTFIX ------- Additional Comments From simon at sxw.org.uk 2005-07-07 01:08 ------- All of the options setting code was pulled from auth-krb5.c, because without it the settings in /etc/krb5.conf are used. You should be able to achieve the same results as this patch by setting 'addressless' in the [libdefaults] section of your /etc/krb5.conf If you still believe OpenSSH needs a specific option for this behaviour, please reopen this bug. Thanks, Simon. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: smoogen at lanl.gov Patch from one of LANL's clustering groups. This allows for openssh to deal with addressless tickets which seem to come up in areas with 1024+ nodes or so. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=488 ------- Additional Comments From smoogen at lanl.gov 2003-02-07 09:44 ------- Created an attachment (id=224) --> (http://bugzilla.mindrot.org/attachment.cgi?id=224&action=view) Patch for addressless kerberos tickets

...================================= * Support for AES in GSSAPI has been implemented. This corresponds to the in-progress work in the IETF (CFX). * Added a new ccache type "MSLSA:" for read-only access to the MS Windows LSA cache. * On Windows, krb5.exe now has a checkbox to request addressless tickets. * To avoid compatibility problems, unrecognized TGS options will now be ignored. * 128-bit AES has been added to the default enctypes. * AES cryptosystem now chains IVs. This WILL break backwards compatibility for the kcmd applications, if they are using AES session keys. - ----...

Hi, I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: # kinit testuser1 testuser1 at S4DOM.TEST's Password: # klist -v Credentials cache: FILE:/tmp/krb5cc_0 Ticket etype: arcfour-hmac-md5, kvno 1 I can create keytabs containing