search for: klogin

...he exec then gets unintended privileges. This is a permanent change for the forked process. Exploit requires access to either the command the exec will run or to the manifests calling execs. (#12458) Similarly unexpected privileges are given to providers and types (egid remains as root). (#12460) Klogin type will write to untrusted locations (write through symlinks) # Details # CVE-2012-1053 GID Issues (#12457, #12458, #12459) [ Medium ] #12457 - Real gid always present in supplementary groups Overview =================================================== In Puppet::Util::SUIDManager, Puppet...

I think MJ is using samba with AD backend and Rowland RID. Rowland, try AD backend if your using rid atm. Gr. Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens mj via samba > Verzonden: woensdag 11 oktober 2017 13:25 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Using GPO to mount shares on Linux > > >

...vers with file shares. Optional, mix this with RID, for example for a dedicated print server, or proxy server (auth). I use setup 3. Multiple servers with AD and RID mixed on the members, based on function. A NFS pointer is. Make sure you set you home folder 755, kerberos ( MIT ), lookf or .klogin in the home dir. If the setup is to tight this fails. ( workaround: disable .klogin checking in krb5.conf ) And nfs/hostname.FQDN needs to be added to HOSTNAME$ where its needed. For Cifs. You may need to add these lines in krb5.conf cifs uses them nfs not. ; for Windows 2008 with AES def...

This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and other principal names in authorized_keys entries. It's a sort of replacement for .klogin and .k5login, but it's much more general than .k*login as it applies to any authentication mechanism where a name is associated with the ssh client and it supports name patterns and all the normal authorized_keys entry options we're used to. Now you can have entries like these in your auth...

...rs with file shares.         Optional, mix this with RID, for example for a dedicated print server, or proxy server (auth). I use setup 3. Multiple servers with AD and RID mixed on the members, based on function. A NFS pointer is. Make sure you set you home folder 755, kerberos ( MIT ), lookf or .klogin in the home dir. If the setup is to tight this fails.  ( workaround: disable .klogin checking in krb5.conf ) And nfs/hostname.FQDN needs to be added to HOSTNAME$ where its needed. For Cifs. You may need to add these lines in krb5.conf cifs uses them nfs not. ; for Windows 2008 with AES     default...

...onal, mix this with RID, for example for a dedicated print > server, or proxy server (auth). > > I use setup 3. > Multiple servers with AD and RID mixed on the members, based on function. > > A NFS pointer is. > Make sure you set you home folder 755, kerberos ( MIT ), lookf or .klogin > in the home dir. > If the setup is to tight this fails. ( workaround: disable .klogin > checking in krb5.conf ) > And nfs/hostname.FQDN needs to be added to HOSTNAME$ where its needed. > > For Cifs. You may need to add these lines in krb5.conf cifs uses them nfs > not. >...

mark at ohprs.org > My last message probably contained too much information. This one is more succient. "Succint" may not be the right adjective, because I think this is the third copy I've seen. > Here is the dovecot log when user dsmith attempts to connect to dovecot > from the Tbird client: What I see is ... > Jul 11 19:29:46 imap-login: Info: Disconnected (no

...le features simplify key management and authorized_keys file management in environments where Kerberos or GSI are in use with OpenSSH (see Simon Wilkinson's patch to OpenSSH that implements the gsskeyex draft). These features represent a much more general authorization system for Kerberos than .klogin or .k5login, and apply to other authentication mechanisms as well (again, GSI/X.509, and, in the future, when direct X.509 support is added to OpenSSH, x.509). These features, or a variation thereof, in OpenSSH, would be greatly appreciated. ------- You are receiving this mail because: -------...

...er upgrading some machines to openssh 3.1p1 recently, I noticed some odd behavior when connecting to the 3.1p1 sshd. Specifically, if I used a kerberized client ssh, and I have a kerberos v4 tgt, but *not* in the kerb realm of the machine I'm ssh-ing to, the authorization should fail (since my .klogin doesn't specifically allow this), and it does. Then sshd abruptly closes the connection. No message (not even with the client in maximally verbose mode). When I try to run sshd in debug mode without the daemon (-d -d -d -D) and reproduce this problem, it is in fact segfaulting shortly after the...

...l find its way into OpenSSH. In conjunction with Kerberos (IV or V) it can be extremely useful: - key management is simplified: key management is done at the KDC and there is no need to edit authorized_keys2 files all over to revoke keys! - authorized_keys2 is *much* more featureful than .klogin and .k5login are, regardless of Kerberos implementation source (KTH, Heimdal, MIT, SEAM, all implement pretty much the same all-or-nothing .klogin/.k5login functionality). A similar patch of gss-serv.c:ssh_gssapi_gsi_userok() to support the use of 'gsi' key names in authorized_key...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...p6 nowait root internal #discard dgram udp wait root internal #discard dgram udp6 wait root internal #chargen stream tcp nowait root internal #chargen stream tcp6 nowait root internal #chargen dgram udp wait root internal #chargen dgram udp6 wait root internal # # Kerberos authenticated services # #klogin stream tcp nowait root /usr/libexec/rlogind rlogind -k #eklogin stream tcp nowait root /usr/libexec/rlogind rlogind -k -x #kshell stream tcp nowait root /usr/libexec/rshd rshd -k #kip stream tcp nowait root /usr/libexec/kipd kipd # # CVS servers - for master CVS repositories only! You must set the...