search for: mod_auth_kerb

Hello all. We have a CentOS 7 system integrated with Active Directory. Achieved using realmd, SSSD and krb5-workstation together with a ktpass-generated keytab. Apache's mod_auth_kerb allows users to authenticate via their AD accounts, and authorise with "require user" directive. But so far we fail to authorise via AD group membership. i.e. adding AuthLDAPUrl and "require ldap-group" directives to httpd.conf results in access being denied. Using ldapsearch w...

...Errata and Bugfix Advisory 2012:0057 Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-0057.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 206ac0fadb4eac35a8ef675a9878b41496b25ebc9e0f940b5b16191b130e9bbd mod_auth_kerb-5.1-3.el5_7.1.i386.rpm x86_64: ce9ec70d8dcb6f418e857a2593194f3c45cbb7ed8d7ecacc8b2636eb3f72b4e2 mod_auth_kerb-5.1-3.el5_7.1.x86_64.rpm Source: 325d9b8066ce14550ecdeccc3c432a0ee50d6bd84fac521607a893a212ae5df6 mod_auth_kerb-5.1-3.el5_7.1.src.rpm -- Johnny Hughes CentOS Project { http://www.ce...

...Errata and Bugfix Advisory 2013:0078 Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0078.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: c906000d1d58f0ee32b07c8c0983abb51cb4165aa602167d13437da3071cea79 mod_auth_kerb-5.1-5.el5.i386.rpm x86_64: a0bf9a16af6cd851e52eebc8e994edf6855a14935a71738992b0ff4585fc87b2 mod_auth_kerb-5.1-5.el5.x86_64.rpm Source: e7549d19866f2e74193995925f037093dd4ba5f63e71368ac7f86b5cc430e3cd mod_auth_kerb-5.1-5.el5.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ }...

...Errata and Bugfix Advisory 2013:0860 Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0860.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: a66348b86c4700b3e43d01394b21e502c2ec857b47973f2b8bf4140262345186 mod_auth_kerb-5.4-10.el6.i686.rpm x86_64: 3a4a39587d2ba8f7b29b004f801d95de0a282977dbf5be7c4e3620be90c1a0c7 mod_auth_kerb-5.4-10.el6.x86_64.rpm Source: a60e3185d0a3240afbcad1ab3df191a7be072b0ebdd1431cbfb23b80aeca0069 mod_auth_kerb-5.4-10.el6.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/...

...Any>: granted [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require valid-user : denied (no authenticated user yet) [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: denied (no authenticated user yet) [auth_kerb:debug] src/mod_auth_kerb.c(1643): kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [headers:debug] mod_headers.c(900): AH01503: headers: ap_headers_error_filter() [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require valid-user : denied (no authenticated user yet) [authz_c...

CentOS Errata and Security Advisory 2006:0746 https://rhn.redhat.com/errata/RHSA-2006-0746.html The following updated files have been uploaded and are currently syncing to the mirrors: s390: updates/s390/RPMS/mod_auth_kerb-5.0-1.3.c4.s390.rpm s390x: updates/s390x/RPMS/mod_auth_kerb-5.0-1.3.c4.s390x.rpm -- Pasi Pirhonen - upi at iki.fi - http://pasi.pirhonen.eu/ Top-postings silently ignored -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-sign...

CentOS Errata and Security Advisory 2006:0746 https://rhn.redhat.com/errata/RHSA-2006-0746.html The following updated files have been uploaded and are currently syncing to the mirrors: i386: mod_auth_kerb-5.0-1.3.i386.rpm src: mod_auth_kerb-5.0-1.3.src.rpm -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos-anno...

CentOS Errata and Security Advisory 2006:0746 https://rhn.redhat.com/errata/RHSA-2006-0746.html The following updated files have been uploaded and are currently syncing to the mirrors: x86_64: mod_auth_kerb-5.0-1.3.x86_64.rpm src: mod_auth_kerb-5.0-1.3.src.rpm -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos-an...

...-2006:0754 Important CentOS 3 x86_64 gnupg - security update (Tru Huynh) 3. CESA-2006:0754 Important CentOS 3 ia64 gnupg - security update (Pasi Pirhonen) 4. CESA-2006:0754 Important CentOS 4 ia64 gnupg - security update (Pasi Pirhonen) 5. CESA-2006:0746 Low CentOS 4 ia64 mod_auth_kerb - security update (Pasi Pirhonen) 6. CESA-2006:0754 Important CentOS 4 s390(x) gnupg - security update (Pasi Pirhonen) 7. CESA-2006:0746 Low CentOS 4 s390(x) mod_auth_kerb - security update (Pasi Pirhonen) 8. CESA-2006:0754 Important CentOS 3 s390(x) gnupg - security...

CentOS Errata and Security Advisory 2006:0746 https://rhn.redhat.com/errata/RHSA-2006-0746.html The following updated files have been uploaded and are currently syncing to the mirrors: files: updates/ia64/RPMS/mod_auth_kerb-5.0-1.3.c4.ia64.rpm -- Pasi Pirhonen - upi at iki.fi - http://pasi.pirhonen.eu/ Top-postings silently ignored -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <http://...

Hello! Our organization has since June had problems with samba on our web server incrementing keytab version numbers every month - precisely every month. Since apache2 with mod_auth_kerb isn't made aware of this, all our web sites go 503. The manual solution has been exporting new keytabs and reloading apache, but we haven't figured out why the KVNOS are incremented in the first place. Some googling suggests "kerberos method = secrets and keytab", but this has no...

...Topics: 1. CESA-2012:0052 Important CentOS 6 kernel Update (Karanbir Singh) 2. CEBA-2012:0054 CentOS 6 sssd Update (Karanbir Singh) 3. CEBA-2012:0055 CentOS 6 nss-pam-ldapd Update (Karanbir Singh) 4. CEBA-2012:0053 CentOS 5 cman Update (Johnny Hughes) 5. CEBA-2012:0057 CentOS 5 mod_auth_kerb Update (Johnny Hughes) 6. CESA-2012:0051 Important CentOS 5 kvm Update (Johnny Hughes) 7. CEBA-2012:0056 CentOS 5 lvm2 Update (Johnny Hughes) 8. CESA-2012:0060 Moderate CentOS 5 openssl Update (Johnny Hughes) 9. CESA-2012:0060 Moderate CentOS 5 openssl Update (Johnny Hughes) --------...

...a total disaster (particularly for small sites trying to replace SBS), but we do try and make folks think before creating mega-servers. I'm very happy for such information to be in our wiki, as I do refer to it and refer others to the apache page, which shows the same pattern as required for mod_auth_kerb. https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_D irectory Indeed, we need to make this page easier to find. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cata...

...s) 8. CEBA-2013:0844 CentOS 6 environment-modules FASTTRACK Update (Johnny Hughes) 9. CEBA-2013:0851 CentOS 6 perl-CGI-Session FASTTRACK Update (Johnny Hughes) 10. CEBA-2013:0859 CentOS 6 perl-Test-Memory-Cycle FASTTRACK Update (Johnny Hughes) 11. CEBA-2013:0860 CentOS 6 mod_auth_kerb FASTTRACK Update (Johnny Hughes) 12. CEBA-2013:0879 CentOS 6 createrepo FASTTRACK Update (Johnny Hughes) 13. CEEA-2013:0880 CentOS 5 tzdata Update (Johnny Hughes) 14. CEEA-2013:0880 CentOS 6 tzdata Update (Johnny Hughes) --------------------------------------------------------...

...ticate users as LDAP[s] is not meant to authenticate anything, it's a DB. Kerberos should be used for authentication as it is meant for that purpose and could grant your users possibility to have SSO. More secure for admins, more simple for users... I have not enough knowledge about Apache and mod_auth_kerb but it seems this Apache module can be used to authenticate users using Kerberos. Configuration for the few I read seems to be placed in Apache side, protecting directories/URIs of your sites, granting access to others objects... Again I have not the experience to be sure, but it seemed a good way...

.../enterprise/6Server/en/os/SRPMS/bash-4.1.2-3.el6.src.rpm As do other rebuild-distributions like Scientific Linux: http://mirrors.200p-sf.sonic.net/scientific/6.0/SRPMS/vendor/bash-4.1.2-3.el6.src.rpm I have noticed this same anomoly with the following packages: bash coreutils iptables libselinux mod_auth_kerb nss redhat-logos There may be others as well, but I have not checked the entire distribution. Is this a mistake? Or is there a reason that these are left out? I searched the forums and found this thread, but it offers no real solution: https://www.centos.org/modules/newbb/viewtopic.php?post_id=14...

Hello, We're starting to use FreeIPA in house (which is awesome btw) which means that Kerberos and TLS client certificate authentication is suddenly quite easy. Im looking for a list of common Linux services with data on how one can Authenticate/Authorise for these services. * httpd support TLS client certificate authentication and Kerberos * rabbitmq supports TLS client certificate

...thers can. I *think* this is related to the fact that those users unable to connect are member of a huge number of groups (100+). We know from experience that this is a problem in Windows itsself (need to set MaxTokenSize as discussed here http://support.microsoft.com/kb/327825) or with Apache mod_auth_kerb (need to set LimitRequestFieldSize in Apache). Unfortunately, I was unable to find any clear indication that this might also be a problem with Samba/Winbind, let alone find a solution for it. And I must admit that I don't have any log entries that actually point me in this direction, so it...

...do try and make folks > > think > > before creating mega-servers. > > > > I'm very happy for such information to be in our wiki, as I do > > refer to > > it and refer others to the apache page, which shows the same > > pattern as > > required for mod_auth_kerb. > > > > https://wiki.samba.org/index.php/Authenticating_Apache_against_Acti > > ve_D > > irectory > > > > Indeed, we need to make this page easier to find. > > > > Andrew Bartlett > > > > Andrew, I know all this, but in this instance...

Hi, After doing a clean install of ovirt in a Fedora 11 VM, I am unable to get anything working in the web interface. All I get is an error 500. After reviewing the logs I see the following error in /var/log/http/error.log [Thu Nov 26 11:29:11 2009] [notice] Apache/2.2.13 (Unix) DAV/2 mod_auth_kerb/5.4 mod_nss/2.2.11 NSS/3.12.2.0 mod_python/3.3.1 Python/2.6 configured -- resuming normal operations [Thu Nov 26 11:29:11 2009] [error] avahi_entry_group_add_service_strlst("AdminNodeFQDN") failed: Invalid host name /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/active_record/conne...