search for: hiemdal

...parate process, which can be forked and execd by the sshd and passed the environment which may have a KREB5CCNAME pointing at the Kerberos ticket cache Other parameters such as the home directory could also be passed. This would then allow simple code in OpenSSH that does not depend on OpenAFS, Hiemdal or MIT code to fork/exec the process that does all the work. This would be called by the process that would eventially become the user's shell process and is run as the user. OpenSSH could be built on systems that may or may not have AFS installed and run on a system with or without AFS. T...

I took Markus Friedl's advice and set up a KbdintDevice for Kerberos password authentication/expiry. It took me a bit to wrap my head around privsep, but I think it's working properly (code stolen shamelessly from FBSD's PAM implementation :->). The hardest part was working out how to get the interaction between krb5_get_init_creds_password() (along with the prompter) to work

...After getting samba to work in its plain defaults, I then proceeded to configure it to use bind9 as shown in the bind howto - https://wiki.samba.org/index.php/DNS#Changing_from_Internal_DNS_to_BIND But I then found I was getting errors running samba_dnsupdate --verbose --all so then I installed hiemdal and configured the /etc/krb5.conf to have the realm name of may samba domain. This probably was superfluous as I still go the same error. So I investigated further and modified /etc/resolv.conf so that in pointed to the host I'm workinging on -- where I installed bind. Then running samba_dns...

Hey list, Right now I have Samba+LDAP working (like a charm acctually) I just have one issue. Right now Samba is authenticating the user against the sambaLMPassword and/or the sambaNTPassword attributes. I would rather it authenticated against the userPassword attribute like my unix boxes and mail servers do. Is samba capable of doing this? Otherwise I have to maintain two seperate passwords