search for: kerb5

Hi, I am trying to decide if it is worth the time to test the Kerberos support in a port I am working on of Openssh 3.5p1. Does using Kerb5 with SSH1 solve the security problems inherent in protocol 1 and bring it up to par with the security level of SSH2 or are there other issues that Kerb5 authentication won't help for SSH1? Thanks, Greg Lambert --------------------------------- Do you Yahoo!? Free online calendar with sync...

Hey, I just subscribed to this list, so apologies in advance if this has been asked already (although I haven't found mention in the archives after a cursory search). I notice that there's no Kerb5 support in 2.3.0p1. Is anyone working on getting support in there for v1 and v2 connections, or is this something I'm going to have to do myself? Also, I've just completed SecurID patches for 2.3.0p1 (v1 connects only, ATM, I'm still looking at how to get v2 working on the...

Gang, I've been trying to build rc29 under Solaris 10 using either "--with-gssapi" or Kerberos 5 ticket usage. I'm trying to figure out how to set up fetchmail on another S10 box to do IMAP fetches from dovecot without having to enter a password. No matter what configure option I try, I get Building with GSSAPI support ........ : no at the end of the configure. I searched

please test Olaf Kirch's patch. it looks fine to me, but i don't to K5. i'd like to see this in the next release. thx -m -------------- next part -------------- --- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002 +++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002 @@ -73,18 +73,17 @@ * from the ticket */ int -auth_krb5(Authctxt *authctxt, krb5_data *auth, char

Krb5-authentication and Kerb5-TGT-passing is working well with openssh-2.3.0p1. Question: Is there a solution using rdist -P "/usr/local/bin/ssh" without the need for RhostRSAAuthentication, RSAAuthentication or using the Kerberos r-command set? The objective is to do away with ".rhosts/.shost" and pri...

http://bugzilla.mindrot.org/show_bug.cgi?id=568 ------- Additional Comments From michael.houle at atcoitek.com 2004-04-06 06:04 ------- Can someone please enlighten me on whether this kind of code is going to be included in the main development ? I thought this would be handled automatically by the krb5 libraries, so I was suprised to find that password changing doesn't work in the SSH

...PCNetLink and legacy mode operations, so we are looking at switching to Samba 3, as we have heard that it can communicate with ADS servers. Here's my question: I would like to move to an OpenLDAP/Kerberos authentication scheme for our Solaris machines and have a Samba 3 PDC using this OpenLDAP/Kerb5 backend for authentication as the PDC for our Windows 2000 and XP workstations. Additionally, I would like to be able to have the same Samba 3 PDC interact with the Windows 2000 ADS Server that our client runs in either a trust relationship or as a member server to allow the customer clients to use...

I don't know if it's a bug or a feature, but the filesystem-2.4.0-2.el5.centos rpm won't upgrade cleanly if /home is an NFS filesystem. I sorta-kinda remember this when going from 5.1 to 5.2, but that memory is hazy. -- Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/

On Friday 30 December 2005 12:54 pm, Brad wrote: > Why would you install a port of something that comes with > the base OS, especially MIT Kerb5? While Krb5 is included in FreeBSD, it's Heimdal implementation, not MIT's, and some of us have valid reasons for running MIT Krb5 instead and the API's are different between the two. Best Wishes - Peter -- [ http://www.plosh.net/ ] - "Earth Halted: Please reboot to continue&q...

The openssh-3.0 announcement said: (...) 3) improved Kerberos support in protocol v1 (KerbIV and KerbV) (...) This seems to imply at least some krb5 support, but there is nothing new in ./configure --help about it. Grepping the source, I see many references to #ifdef KRB5. Trying to enable it manually (a #define in config.h) gives errors about a missing krb5_auth_con_setaddrs_from_fd, which I

Platform: Irix 6.5.16 OpenSSH 3.5p1 built with MIT Kerb5 v. 1.2.6, OpenSSL 0.9.6g Everything (privsep, ticket forwarding, etc) so far works like a charm. You guys do great work. -- ******************************************************* Quellyn L. Snead CCN-2 Enterprise Software Management Team Los Alamos National Laboratory Schedule B (505) 667-4185...

...to be able to get same UID/GID on all clients,so after some reading I have installed AD4Unix on the DC in order to extend the AD schema to hold unix accounts details,and planned to use ldap to reach it from the clients.so far so good. My problem is that I could not get the samba/pam.d/nsswitch/kerb5 configuration to work with ldap.I am not able to su to a <domain user> as it is not recognized by the machine now, so I can't even check if the ID's are correct. I was wondering if someone could help me with going from a clean working winbind env to a working ldap one. what are t...

Is there a flavor of the pam_winbind module that uses Challenge/Response (CRAP) for authentication? I have samba-3.0.25 and the pam_winbind module only does cleartext. This fails when trying to authenticate against AD. I'd like to switch our app from using ntlm_auth to pam. I did a quick hack an added winbind_auth_request_crap() and it works, but I'm wondering if anyone else has

Hi There, I'm trying to get my linux authenticate users against a win2k3 box. I'm using samba 3.0 and my smb.conf file looks like: [global] #server name = teste workgroup = conexao encrypt passwords = yes security = domain password server = * os level = 33 local master = No winbind use default domain = yes oplocks =

Hi, We are facing problems while configuring SAMBA ADS on Sun Solaris system. After installation and configuration we found that there is no ADS support on the version samba-3.0.21a-1-noads-sunos5.9-sparc.pkg.gz. Do you have any ADS support package for Sun Solaris 9. Kind Regards Venu Gopal Sr. Systems Engineer SSA Global Technologies India (Pvt) Ltd Hyderabad,India Tel : +91 40 23100525

...past sixteen hours working on this but all things I try seem to come back with empty results. I have installed from RPM the version of Samba, Winbind, and all other relevant programs, followed the instruction on a few different sites on how to configure /etc/samba/smb.conf, /etc/kerb5.conf, and /etc/pam.d/* and every time I think I'm getting close, I always come back to the same errors. Here's the most recent. Errors I've come across, it looks like I'm getting close but I don't know what I'm missing. [2007/05/30 15:56:08, 3] smbd/...

...00 at yahoo.com We recently upgraded from openssh-3.6.1p2 to openssh-3.7.1p2 and are now not able to login. We rely on PAM authentication and our PAM configuration looks like this: sshd auth required /usr/lib/security/$ISA/pam_krb54.so.1 get_k4_tgt This pam module is home-grown and gets both Kerb5 and Kerb4 tickets. I've tried running sshd -d -d -d to figure out the problem here and I'm not sure what the issue is. I'll attach the debug output shortly. Here is my /etc/ssh/sshd_config: HostKey /etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_dsa_key LoginGraceTime 600 IgnoreRhos...

For some reasons the afs tokenforwarding stuff has changed siginificantly from v 2.9p2 to 2.9.9p2. This makes it impossible to use public key authenticication in a standart AFS environment. I don't know the reasons for these changes. In any case attached is a patch which restores the old behaviour. Regards Serge -- Serge Droz Paul Scherrer Institut mailto:serge.droz at

I've attached a patch relative to OpenSSH 2.5.1p1 which sets the default PAM service name to __progname instead of the hard-coded value "sshd". This allows you to have multiple invokations of sshd under different names, each with its own PAM configuration. Please let me know if you have any questions or problems. -- Mark D. Roth <roth at feep.net> http://www.feep.net/~roth/

Hi, I just installed 3.0.2rc1 for testing, and I came across a problem with cross-realm authentication. I joined samba to our active directory domain, and I can see that it has host and cifs principals in windows kerberos. Our organization's primary kerberos realm (CEDE.PSU.EDU) is an MIT kerb5 realm, and we have a one-way non-transitive trust such that windows (server 2003) kerberos (WIN.CEDE.PSU.EDU) is slaved to our MIT realm. We have a cross-realm test account called 'krbtest' that has a kerberos principal mapping defined in AD. The test sun server's name is 'alcor...