search for: eku

...s/10-kornievskaia-pkinit-interop.pdfwhich seems quite detailed and covers quite a bit, in particular it mentions this: -------QUOTE---------------------------------------------------------- CLIENT IDENTITY - Kerberos principal name encoded in X509 SAN - Mapping facility at the KDC - Must have X509 EKU fields --------/QUOTE---------------------------------------------------------- So to handle those one at a time, principal name for a user would just be their username on the domain, or would it be the full CN like paul at mydomain.com ? Then for a service (I've read http://technet.microsoft....

...hat I was able to gather, Winbind doesn't support smart card auth. To my surprise, I was able to authenticate without pam_pkcs11 or pam_krb5 in my PAM stack, using only pam_winbind, after I've added config like this into /etc/krb5.conf: ``` EXAMPLE.COM = { pkinit_cert_match = &&<EKU>msScLogin,<KU>digitalSignature pkinit_eku_checking = kpServerAuth pkinit_identities = PKCS11:/usr/lib64/pkcs11/opensc-pkcs11.so pkinit_kdc_hostname = example.com } [appdefaults] pam = { mappings = ^EXAMPLE\\(.*)$ $1 at EXAMPLE.COM } ``` >From what I understand, that works because I ha...

...igit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? \+\+ Certificate has key usage ([0-9a-f]{4}), expects \4$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? \+\+ Certificate has EKU \(str\) TLS Web (Client|Server) Authentication, expects TLS Web \4 Authentication$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? VERIFY (|E)KU OK$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvp...

...CRC > default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > pkinit_kdc_hostname = <DNS> > pkinit_anchors = DIR:/var/lib/pbis/trusted_certs > pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> > pkinit_eku_checking = kpServerAuth > pkinit_win2k_require_binding = false > pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so > My krb5.conf is: [libdefaults] default_realm = EXAMPLE.LAN dns_lookup_realm = false dns_lookup_kdc =...

..._tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> pkinit_kdc_hostname = <DNS> >> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >> pkinit_eku_checking = kpServerAuth >> pkinit_win2k_require_binding = false >> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >> > My krb5.conf is: > > [libdefaults] > default_realm = EXAMPLE.LAN > dns_loo...

...AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >>> pkinit_kdc_hostname = <DNS> >>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >>> pkinit_eku_checking = kpServerAuth >>> pkinit_win2k_require_binding = false >>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >>> >>> [realms] >>> EXAMPLE.COM = { >>> kdc = kerberos.example.co...

...HMAC DES-CBC-MD5 DES-CBC-CRC default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC pkinit_kdc_hostname = <DNS> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> pkinit_eku_checking = kpServerAuth pkinit_win2k_require_binding = false pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so and removed "krb5.keytab" too. You told me that my domain name is "jasondomaini" but it is wrong, My domain name is &q...

...CRC > default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > pkinit_kdc_hostname = <DNS> > pkinit_anchors = DIR:/var/lib/pbis/trusted_certs > pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> > pkinit_eku_checking = kpServerAuth > pkinit_win2k_require_binding = false > pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so > My krb5.conf is: [libdefaults] default_realm = EXAMPLE.LAN dns_lookup_realm = false dns_lookup_kdc =...

...default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > # preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > # pkinit_kdc_hostname = <DNS> > # pkinit_anchors = DIR:/var/lib/pbis/trusted_certs > # pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> > # pkinit_eku_checking = kpServerAuth > # pkinit_win2k_require_binding = false > # pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so > > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > Thank you so much and Please l...

..._tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> pkinit_kdc_hostname = <DNS> >> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >> pkinit_eku_checking = kpServerAuth >> pkinit_win2k_require_binding = false >> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >> > My krb5.conf is: > > [libdefaults] > default_realm = EXAMPLE.LAN > dns_loo...

..._tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> pkinit_kdc_hostname = <DNS> >> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >> pkinit_eku_checking = kpServerAuth >> pkinit_win2k_require_binding = false >> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >> > My krb5.conf is: > > [libdefaults] > default_realm = EXAMPLE.LAN > dns_loo...

...CRC > default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > pkinit_kdc_hostname = <DNS> > pkinit_anchors = DIR:/var/lib/pbis/trusted_certs > pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> > pkinit_eku_checking = kpServerAuth > pkinit_win2k_require_binding = false > pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so > > [realms] > EXAMPLE.COM = { > kdc = kerberos.example.com > admin_server = kerberos.example.com > } > J...

..._tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> pkinit_kdc_hostname = <DNS> >> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >> pkinit_eku_checking = kpServerAuth >> pkinit_win2k_require_binding = false >> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >> >> [realms] >> EXAMPLE.COM = { >> kdc = kerberos.example.com >> admin_server = ke...

...HMAC DES-CBC-MD5 DES-CBC-CRC default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC pkinit_kdc_hostname = <DNS> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> pkinit_eku_checking = kpServerAuth pkinit_win2k_require_binding = false pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so [realms] EXAMPLE.COM = { kdc = kerberos.example.com admin_server = kerberos.example.com } JASONDOMAIN.JJ = { auth_to_local = RULE:[1:$0\$1](...

...CRC > default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > pkinit_kdc_hostname = <DNS> > pkinit_anchors = DIR:/var/lib/pbis/trusted_certs > pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> > pkinit_eku_checking = kpServerAuth > pkinit_win2k_require_binding = false > pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so > > [realms] > EXAMPLE.COM = { > kdc = kerberos.example.com > admin_server = kerberos.example.com > } > J...

..._tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> pkinit_kdc_hostname = <DNS> >> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >> pkinit_eku_checking = kpServerAuth >> pkinit_win2k_require_binding = false >> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >> >> [realms] >> EXAMPLE.COM = { >> kdc = kerberos.example.com >> admin_server = ke...

On 04/01/15 13:00, Rowland Penny wrote: > On 04/01/15 10:17, Jason Long wrote: >> Thanks a lot. >> I enter the command and result is : >> >> Using short domain name -- JASONDOMAINI >> Joined 'PRINTMAH' to dns domain 'JASONDOMAIN.JJ' >> but after run "net rpc testjoin" : >> >> Unable to find a suitable server for domain

Hi, I'm getting the following error when I try and load mgcv: > library(mgcv) Error in dyn.load(file, DLLpath = DLLpath, ...) : unable to load shared object '/usr/lib/R/library/Matrix/libs/Matrix.so': /usr/lib/R/library/Matrix/libs/Matrix.so: undefined symbol: R_check_class_and_super Error: package/namespace load failed for 'mgcv' I thought there might be a mismatch