search for: default_ccache_nam

/Hello, i m playing around with MIT kerberos at moment and got the problem that openssh do not honor the "default_ccache_name" variable in /etc/krb5.conf. It looks like the FILE based credential cache is hardcoded and openssh set KRB5CCNAME to it, but i would like to use the KEYRING cache. Is there any way to tell ssh to use the cache set in "default_ccache_name"? /Many thanks in advance and best regar...

https://bugzilla.mindrot.org/show_bug.cgi?id=3203 Bug ID: 3203 Summary: Could default_ccache_name from krb5.conf be used for GSSAPI connections? Product: Portable OpenSSH Version: 8.3p1 Hardware: ix86 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Kerberos support...

...ture broke times before by varia reasons > "just a shot in the dark", if you use kerberos tickets in /tmp then > stuff changed in 18.04 this also broke our cifs automounter > see here > https://blog.nutmeg.at/2017/04/17/getting-pam-krb5-working-autofs-and-cifs/ > i did > default_ccache_name = FILE:/tmp/krb5cc_%{uid} > in /etc/krb5.conf > to fix our problem Thanks you very much for your answer! I tried to set default_ccache_name in /etc/krb5.conf as you suggest above but "lpr" still asks "Password for [myuser] on localhost?". My CIFS mount works fine (as b...

...ber ~]# cat /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false # default_realm = EXAMPLE.COM default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # } [domain_realm] # .example.com = EXAMPLE.COM # example.com = EXAMPLE.COM Looks like krb5.conf is unconfigured. Is there a Samba guide as to how this should be configur...

...ingly ignores the kerberos ccache as configured in krb5.conf when using "krb5-user" as the kerberos package and will instead always default to using "FILE:/tmp/krb5cc_uid". I tested each valid default ccache name type but smbclient completely ignores whatever is set as the "default_ccache_name" in the conf file. I went on to test "heimdal-clients" as the kerberos package and smbclient appears to be using the ccache that is configured in the conf file. This behavior occurs on Ubuntu 20.04 and 19.10 as well as Debian 10.5. Swapping krb5-user for heimdal-clients is not a de...

...ot; ccache types would work with heimdal. Continuing on... The heimdal variant of kerberos uses a different parameter name for the default ccache name property than what is used by krb5-user. In heimdal the parameter name is "default_cc_name" and in krb5-user the parameter name is "default_ccache_name". I was throwing the kitchen sink at the problem this morning and so, with krb5-user installed, I decided to try substituting the parameter name spelling to the heimdal parameter name. So in the krb5.conf I used "default_cc_name = KEYRING:persistent:%{uid}" instead of "default_...

...LE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false # default_realm = EXAMPLE.COM # Utile ou pas ? default_realm = STUDELEC-SA.COM dns_lookup_kdc = true default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # } [domain_realm] # .example.com = EXAMPLE.COM # example.com = EXAMPLE.COM

...;> "just a shot in the dark", if you use kerberos tickets in /tmp then >>> stuff changed in 18.04 this also broke our cifs automounter >>> see here >>> https://blog.nutmeg.at/2017/04/17/getting-pam-krb5-working-autofs-and-cifs/ >>> i did >>> default_ccache_name = FILE:/tmp/krb5cc_%{uid} >>> in /etc/krb5.conf >>> to fix our problem >> >> I tried to set default_ccache_name in /etc/krb5.conf as you suggest above but "lpr" still asks "Password for [myuser] on localhost?". >> My CIFS mount works fine (a...

Hello, After upgrading from Ubuntu 16.04 to 18.04 printing via SMB-Kerberos no longer works (printing still works in 18.04 when I print via SMB but I don't want to have the password stored in clear text in /usr/lib/cups/backend/smb). In 16.04 I can just type "lpr file.pdf", but when doing this in 18.04 I get "Password for [myuser] on localhost?" and it expects me to type

.../usr/local/samba/var/locks/sysvol read only = No [home] comment = Directorios Personales path = /home/usuarios read only = No Kerberos are work fine krb5.conf: [libdefaults] default_realm = DOMINIO.MTZ.SLD.CU dns_lookup_realm = false dns_lookup_kdc = true default_ccache_name = KEYRING:persistent:%{uid} When I run this command while config my samba: #net rpc rights grant 'DOMINIO\Domain Admins' SeMachineAccountPrivilege \ SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege \ SeRemoteShutdownPrivilege -UAdministrator and all work fine. but...

...ar/log/krb5kdc.log >> admin_server = FILE:/var/log/kadmind.log >> >> [libdefaults] >> dns_lookup_realm = false >> ticket_lifetime = 24h >> renew_lifetime = 7d >> forwardable = true >> rdns = false >> # default_realm = EXAMPLE.COM >> default_ccache_name = KEYRING:persistent:%{uid} >> >> [realms] >> # EXAMPLE.COM = { >> # kdc = kerberos.example.com >> # admin_server = kerberos.example.com >> # } >> >> [domain_realm] >> # .example.com = EXAMPLE.COM >> # example.com = EXAMPLE.COM >>...

...tent krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false default_realm = DOMAIN.LOCAL default_ccache_name = KEYRING:persistent:%{uid} [realms]# EXAMPLE.COM = {#  kdc = kerberos.example.com#  admin_server = kerberos.example.com# } [domain_realm]# .example.com = EXAMPLE.COM# example.com = EXAMPLE.COM I hope I have passed all the necessary information. If you need any more information, I ask you to let...

I know, and i have him the "samba" solution, because ... I dont know sssd also. And i dont get the fuss on samba+winbind or samba+sssd I have 3 services running minimal : samba winbind user-homes.automount Everything works as it should. I hope, and i'll add the note here also. NOTE ! My packages are NOT sssd compliant, you need to recompile SSSD yourselfs agains my samba

...heimdal. > Continuing on... > > The heimdal variant of kerberos uses a different parameter name for the > default ccache name property > than what is used by krb5-user. In heimdal the parameter name is > "default_cc_name" and in krb5-user > the parameter name is "default_ccache_name". I was throwing the kitchen sink > at the problem this morning and so, > with krb5-user installed, I decided to try substituting the parameter name > spelling to the heimdal parameter name. > So in the krb5.conf I used "default_cc_name = KEYRING:persistent:%{uid}" >...

...by varia reasons >> "just a shot in the dark", if you use kerberos tickets in /tmp then >> stuff changed in 18.04 this also broke our cifs automounter >> see here >> https://blog.nutmeg.at/2017/04/17/getting-pam-krb5-working-autofs-and-cifs/ >> i did >> default_ccache_name = FILE:/tmp/krb5cc_%{uid} >> in /etc/krb5.conf >> to fix our problem > > Thanks you very much for your answer! > > I tried to set default_ccache_name in /etc/krb5.conf as you suggest above but "lpr" still asks "Password for [myuser] on localhost?". &gt...

...krb5kdc.log >> admin_server = FILE:/var/log/kadmind.log >> >> [libdefaults] >> dns_lookup_realm = false >> ticket_lifetime = 24h >> renew_lifetime = 7d >> forwardable = true >> rdns = false >> # default_realm = EXAMPLE.COM >> default_ccache_name = KEYRING:persistent:%{uid} >> >> [realms] >> # EXAMPLE.COM = { >> # kdc = kerberos.example.com >> # admin_server = kerberos.example.com >> # } >> >> [domain_realm] >> # .example.com = EXAMPLE.COM >> # example.com = EXAMPLE.COM >>...

...als via SSH.?? The only issue is that I don't get a Kerberos >> ticket generated. >> >> In /etc/security/pam_winbind.conf I have: >> >> krb5_auth = yes >> >> krb5_ccache_type = KEYRING >> >> In /etc/krb5.conf, I also have: >> >> default_ccache_name = KEYRING:persistent:%{uid} >> >> Using wbinfo -K jas, then entering my password,? I see: >> >> plaintext kerberos password authentication for [jas] succeeded >> (requesting cctype: FILE) >> credentials were put in: FILE:/tmp/krb5cc_1004 >> >> [It w...

...------------------------ [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false default_ccache_name = KEYRING:persistent:%{uid} [realms] TESTAD.BIO.AC.UK = { kdc = TESTSERVER1.TESTAD.BIO.AC.UK default_domain = TESTAD.BIO.AC.UK } [domain_realm] .testad.bio.ac.uk =...

...smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then entering my password,? I see: plaintext kerberos password authentication for [jas] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_1004 [It writes the keyring to a file even though I've specified KEYRING.?...

...========================== [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = MYDOMAIN.COM dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false default_ccache_name = KEYRING:persistent:%{uid} [realms] MYDOMAIN.COM = { kdc = dc01.mydomain.com admin_server = dc01.mydomain.com } [domain_realm] mydomain.com = MYDOMAIN.COM .mydomain.com = MYDOMAIN.COM