search for: principals

...ck_allowed_keys in %s", + allowed_keys[i]); + continue; + } + matched = 1; + } + if (!matched && nallowed_keys != 0) { + error_f("No key matched in allowed signers file(s)"); goto done; } /* success */ @@ -2894,14 +2913,15 @@ done: } static int -sig_find_principals(const char *signature, const char *allowed_keys, - char * const *opts, size_t nopts) +sig_find_principals(const char *signature, char **allowed_keys_files, + size_t nallowed_keys_files, char * const *opts, size_t nopts) { int r, ret = -1; struct sshbuf *sigbuf = NULL, *abuf = NULL; str...

Hello, I'm currently evaluating using `ssh-keygen -Y verify` to check OS artifacts (e.g. packages) and I noticed that the `-f allowed_signers_file` option can be passed only once. A side remark: technically it can be passed multiple times without a warning but the last invocation overrides all previous ones. Tested using: $ ssh-keygen -Y verify -f allowed_signers -f /dev/null -n file -s

...lo samba team ! I have some NFS4 exports managed by a Samba's Kerberos realm. All the standard user accesses work fine. I try now to setup an NFS4 root access to administer the share from another server (the two host are DC, one PDC and one SDC). But I have trouble understanding the kerberos/principals layer. ------------ Actually I do ------------- -> on the server I create an nfs principal and export it to the keytab $ samba-tool user add nfs-myserver --random-password $ samba-tool spn add nfs/myserver.samdom.com nfs-myserver $ samba-tool domain exportkeytab --principal=nfs/myserver.samdom...

Hello, Maybe I did not understand correctly the PKI trust, so forgive me if I am wrong. For example, I have multiple hosts that all serves as monitoring server, I would like to trust only these hosts, so I enrol a certificate for these using "monitoring" principal, so I can connect only to these. At first I thought we can do Match statement at ssh_config, however, the Match is being

...gt; Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Prunk Dump >> Verzonden: vrijdag 9 oktober 2015 8:59 >> Aan: samba at lists.samba.org >> Onderwerp: [Samba] kerberos nfs4's principals and root access >> >> Hello samba team ! >> >> I have some NFS4 exports managed by a Samba's Kerberos realm. All the >> standard user accesses work fine. >> >> I try now to setup an NFS4 root access to administer the share from >> another server (...

...ost-on-ubuntu im testing this now. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Prunk Dump > Verzonden: vrijdag 9 oktober 2015 11:34 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] kerberos nfs4's principals and root access > > Thanks you very much Louis ! > > I have tried your setup and I can't mount the share neither from the > server itself or the client. > > On /var/log/syslog I have : > > rpc.gssd : ERROR : no credentials found for connecting to server myserver &...

...ur exports file on the server configured? Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Prunk Dump > Verzonden: vrijdag 9 oktober 2015 8:59 > Aan: samba at lists.samba.org > Onderwerp: [Samba] kerberos nfs4's principals and root access > > Hello samba team ! > > I have some NFS4 exports managed by a Samba's Kerberos realm. All the > standard user accesses work fine. > > I try now to setup an NFS4 root access to administer the share from > another server (the two host are DC, one PDC...

Dear all I'm unable to find an example of extracting the rotated scores of a principal components analysis. I can do this easily for the un-rotated version. data(mtcars) .PC <- princomp(~am+carb+cyl+disp+drat+gear+hp+mpg, cor=TRUE, data=mtcars) unclass(loadings(.PC)) # component loadings summary(.PC) # proportions of variance mtcars$PC1 <- .PC$scores[,1] # extract un-rotated scores of

Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at

Hi, I am new to samba and Kerberos so please be gentle! I have built a samba AD DC (v4.3.5) on Centos Linux from source and am trying to add a service principal and generate a keytab containing the principal. However the principal entry does not appear in the keytab. Here's what I did: [root at bones ~]# samba-tool spn add GEMSTONE64/bunk.gemtalksystems.com at

...re looking for a principal named "host:port" inside of the certificate presented by the server, instead of just looking for the host as I believe OpenSSH does. e.g. the following error is generated: ssh: handshake failed: ssh: principal "localhost:2022" not in the set of valid principals for given certificate: ["localhost"] Before I ping the bug again, it would be good to get a second opinion as to whether that behaviour is correct or not. Cheers, Adam

I am running a PCA, but would like to rotate my data and limit the number of factors that are analyzed. I can do this using the "principal" command from the psych package [principal(my.data, nfactors=3,rotate="varimax")], but the issue is that this does not report scores for the Principal Components the way "princomp" does. My question is: Can you get an

...ipal name that is in the keytab. > > RFC2743 says: > o desired_name INTERNAL NAME, -- NULL requests locally-determined > -- default > >If you add this change, it should be a configuration option, as >the Kerberos replay cache may not be used, and there might be other >principals in the keytab that are not expected to be used by sshd. > >The sysadmin can also set the KRB5_KTNAME env to point to a specific >keytab before starting sshd if there are any special situations. > > >> > >-- > > Douglas E. Engert DEEngert at anl.gov> > Arg...

...mapd.conf Working on it now. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle > Verzonden: vrijdag 9 oktober 2015 13:34 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] kerberos nfs4's principals and root access > > Ok, not working... > > But found this... > > ( http://users.suse.com/~sjayaraman/nfs4_howto.txt ) > > 4.5 A known issue using NFS with kerberos > _________________________________________ > > Even if "no_root_squash" option is used...

Hello, I need to do a principal component analysis with EQUAMAX-rotation. Unfortunately the function principal() I use normally for PCA does not offer this rotation specification. I could find out that this might be possible somehow with the package GPArotation but until now I could not figure out how to use this in the principal component analysis. Maybe someone can give an example on how to do

...with bind_dlz (bind-9.9.1 - P1) on a multi-homed network. I have configured the setup as per Samba4 Howto. But when I try to do "samba_dnsupdate --all-names" it fails with error: dns_tkey_negotiategss: TKEY is unacceptable The kerberos ticket being used by samba_dnsupdate shows follwoing principals: klist -c /tmp/tmp6cxfgY Ticket cache: FILE:/tmp/tmp6cxfgY Default principal: DB-SERVER$@BOM.MH.IN Service principal krbtgt/BOM.MH.IN DNS/db-server at BOM.MH.IN Whereas the dns.keytab shows following principals (repeated for multiple encryption algorithms) klist -k private/dns.keytab: DNS/db-serv...

...te must include the a user's name > to be accepted for authentication. This change adds the ability to > specify a list of certificate principal names that are acceptable. > > When authenticating using a CA trusted through ~/.ssh/authorized_keys, > this adds a new principals="name1[,name2,...]" key option. > > For CAs listed through sshd_config's TrustedCAKeys option, a new config > option "AuthorizedPrincipalsFile" specifies a per-user file containing > the list of acceptable names. > > If either option is...

Hi OpenSSH devs, I?m wondering if the following has any merit and can be done securely ... If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like /etc/ssh/authorized_keys/sshfwd: cert-authority,principals=?batcha-fwd,batchb-fwd? ... /etc/ssh/sshd_config containing: Match User sshfwd PubkeyAuthentication yes PasswordAuthentication...

AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I?m wondering if the following has any merit and can be done securely ... > > If you could match o...

Hi, When I have a service on a client that tries to use kerberos and I get errors such as these in the log.samba file: Kerberos: UNKNOWN -- host/ubuntu-test.mydomain.net @ MYDOMAIN.NET: no such entry found in hdb Does this mean that the kerberos authentication system is looking for the principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" in samba4's domain or in the