search for: principally

Displaying 20 results from an estimated 5698 matches for "principally".

2015 Oct 09
5
kerberos nfs4's principals and root access
Hello samba team ! I have some NFS4 exports managed by a Samba's Kerberos realm. All the standard user accesses work fine. I try now to setup an NFS4 root access to administer the share from another server (the two host are DC, one PDC and one SDC). But I have trouble understanding the kerberos/principals layer. ------------ Actually I do ------------- -> on the server I create an nfs
2015 Feb 22
3
PKI host based principal
Hello, Maybe I did not understand correctly the PKI trust, so forgive me if I am wrong. For example, I have multiple hosts that all serves as monitoring server, I would like to trust only these hosts, so I enrol a certificate for these using "monitoring" principal, so I can connect only to these. At first I thought we can do Match statement at ssh_config, however, the Match is being
2015 Oct 09
1
kerberos nfs4's principals and root access
Thanks you very much Louis ! I have tried your setup and I can't mount the share neither from the server itself or the client. On /var/log/syslog I have : rpc.gssd : ERROR : no credentials found for connecting to server myserver This is because the machine principal is not present in the keytab : $ klist -k 1 nfs/myclient.samdom.com at SAMDOM.COM 1 nfs/myclient.samdom.com at SAMDOM.COM 1
2015 Oct 09
3
kerberos nfs4's principals and root access
Hai Baptiste, I re-checked my setup and your totaly correct. I can not enter the nfsV4 mounted directory as root. What i've added in idmap.conf Is this : Domain = your_DNS_domain.tld [Translation] Method = nsswitch And i found this link. http://serverfault.com/questions/526762/root-access-to-kerberized-nfsv4-host-on-ubuntu im testing this now. Greetz, Louis >
2015 Oct 09
0
kerberos nfs4's principals and root access
Hai, I had it the other way around. Only root acces. I have scripted my setup and tested on debian. Look here https://secure.bazuin.nl/scripts/these_are_experimental_scripts/ setup-nfsv4-kerberos.sh If you get the file, setup-nfsv4-kerberos.sh and compair it to your setup. If you can read the bash script maybe you see something you missed. When i write as "root" its root and
2010 Nov 30
3
pca analysis: extract rotated scores?
Dear all I'm unable to find an example of extracting the rotated scores of a principal components analysis. I can do this easily for the un-rotated version. data(mtcars) .PC <- princomp(~am+carb+cyl+disp+drat+gear+hp+mpg, cor=TRUE, data=mtcars) unclass(loadings(.PC)) # component loadings summary(.PC) # proportions of variance mtcars$PC1 <- .PC$scores[,1] # extract un-rotated scores of
2015 Feb 13
1
Samba4 kinit issue with principal and keytab file
Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at
2016 Feb 25
1
Trouble adding a service principal to keytab
Hi, I am new to samba and Kerberos so please be gentle! I have built a samba AD DC (v4.3.5) on Centos Linux from source and am trying to add a service principal and generate a keytab containing the principal. However the principal entry does not appear in the keytab. Here's what I did: [root at bones ~]# samba-tool spn add GEMSTONE64/bunk.gemtalksystems.com at
2017 May 15
5
Golang CertChecker hostname validation differs to OpenSSH
Hi all, Last week I noticed that the CertChecker in the Go implementation of x/crypto/ssh seems to be doing host principal validation incorrectly and filed the following bug: https://github.com/golang/go/issues/20273 By default they are looking for a principal named "host:port" inside of the certificate presented by the server, instead of just looking for the host as I believe OpenSSH
2011 Mar 03
2
PCA - scores
I am running a PCA, but would like to rotate my data and limit the number of factors that are analyzed. I can do this using the "principal" command from the psych package [principal(my.data, nfactors=3,rotate="varimax")], but the issue is that this does not report scores for the Principal Components the way "princomp" does. My question is: Can you get an
2004 Sep 13
4
Pending OpenSSH release, call for testing.
Darren, We have systems which are multihomed for virtualisation, but run only one sshd. You can connect to any IP-address and should be authenticated with gssapi/kerberos. So the client will ask for a principal host/virt-ip-X and the server has to have an entry for this in the keytab and has to select the right key by determining the hostname from the connection IP-address. There is no other way
2015 Oct 09
0
kerberos nfs4's principals and root access
Ok, now its clear to me. We need to set UMICH_SCHEMA in idmap.conf Read : http://linux.die.net/man/5/idmapd.conf Working on it now. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle > Verzonden: vrijdag 9 oktober 2015 13:34 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] kerberos
2014 Jun 19
2
Principal component analysis with EQUAMAX rotation
Hello, I need to do a principal component analysis with EQUAMAX-rotation. Unfortunately the function principal() I use normally for PCA does not offer this rotation specification. I could find out that this might be possible somehow with the package GPArotation but until now I could not figure out how to use this in the principal component analysis. Maybe someone can give an example on how to do
2012 Dec 09
1
Fwd: samba_dnsupdate principal and TKEY unacceptable
Hi, I am trying to run samba with bind_dlz (bind-9.9.1 - P1) on a multi-homed network. I have configured the setup as per Samba4 Howto. But when I try to do "samba_dnsupdate --all-names" it fails with error: dns_tkey_negotiategss: TKEY is unacceptable The kerberos ticket being used by samba_dnsupdate shows follwoing principals: klist -c /tmp/tmp6cxfgY Ticket cache: FILE:/tmp/tmp6cxfgY
2010 May 10
1
Certificates and authorized principals
Hi, Users who are interested in certificate authentication might be interested in this change: > - djm at cvs.openbsd.org 2010/05/07 11:30:30 > [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c key.c] > [servconf.c servconf.h sshd.8 sshd_config.5] > add some optional indirection to matching of principal names listed > in certificates. Currently, a
2023 Nov 12
1
Match Principal enhancement
Hi OpenSSH devs, I?m wondering if the following has any merit and can be done securely ... If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like /etc/ssh/authorized_keys/sshfwd: cert-authority,principals=?batcha-fwd,batchb-fwd? ... /etc/ssh/sshd_config containing: Match User sshfwd PubkeyAuthentication yes
2023 Nov 12
1
Match Principal enhancement
AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I?m wondering if the following has any merit and can be done securely ... > > If you could
2012 Jul 13
1
Understanding kerberos principals in samba4
Hi, When I have a service on a client that tries to use kerberos and I get errors such as these in the log.samba file: Kerberos: UNKNOWN -- host/ubuntu-test.mydomain.net @ MYDOMAIN.NET: no such entry found in hdb Does this mean that the kerberos authentication system is looking for the principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" in samba4's domain or in the
2015 Feb 16
0
Samba4 kinit issue with principal and keytab file
Hi Rowland, Thanks for your help again. I understand the difference between the UPN (User Principal Name) and the SPN (Service Principal Name). But in your second exemple, you never mention the SPN, neither in the keytab export or in the kinit command. Does that means that there is no kinit possible using the SPN? So I am worried of what is the benefice of adding a SPN to a user instead of
2017 May 16
2
Golang CertChecker hostname validation differs to OpenSSH
On Wed, May 17, 2017 at 2:46 AM, Damien Miller <djm at mindrot.org> wrote: > On Mon, 15 May 2017, Adam Eijdenberg wrote: >> https://github.com/golang/go/issues/20273 >> >> By default they are looking for a principal named "host:port" inside >> of the certificate presented by the server, instead of just looking >> for the host as I believe OpenSSH