search for: principals

...lo samba team ! I have some NFS4 exports managed by a Samba's Kerberos realm. All the standard user accesses work fine. I try now to setup an NFS4 root access to administer the share from another server (the two host are DC, one PDC and one SDC). But I have trouble understanding the kerberos/principals layer. ------------ Actually I do ------------- -> on the server I create an nfs principal and export it to the keytab $ samba-tool user add nfs-myserver --random-password $ samba-tool spn add nfs/myserver.samdom.com nfs-myserver $ samba-tool domain exportkeytab --principal=nfs/myserver.samdom...

Hello, Maybe I did not understand correctly the PKI trust, so forgive me if I am wrong. For example, I have multiple hosts that all serves as monitoring server, I would like to trust only these hosts, so I enrol a certificate for these using "monitoring" principal, so I can connect only to these. At first I thought we can do Match statement at ssh_config, however, the Match is being

...gt; Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Prunk Dump >> Verzonden: vrijdag 9 oktober 2015 8:59 >> Aan: samba at lists.samba.org >> Onderwerp: [Samba] kerberos nfs4's principals and root access >> >> Hello samba team ! >> >> I have some NFS4 exports managed by a Samba's Kerberos realm. All the >> standard user accesses work fine. >> >> I try now to setup an NFS4 root access to administer the share from >> another server (...

...ost-on-ubuntu im testing this now. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Prunk Dump > Verzonden: vrijdag 9 oktober 2015 11:34 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] kerberos nfs4's principals and root access > > Thanks you very much Louis ! > > I have tried your setup and I can't mount the share neither from the > server itself or the client. > > On /var/log/syslog I have : > > rpc.gssd : ERROR : no credentials found for connecting to server myserver &...

...ur exports file on the server configured? Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Prunk Dump > Verzonden: vrijdag 9 oktober 2015 8:59 > Aan: samba at lists.samba.org > Onderwerp: [Samba] kerberos nfs4's principals and root access > > Hello samba team ! > > I have some NFS4 exports managed by a Samba's Kerberos realm. All the > standard user accesses work fine. > > I try now to setup an NFS4 root access to administer the share from > another server (the two host are DC, one PDC...

Dear all I'm unable to find an example of extracting the rotated scores of a principal components analysis. I can do this easily for the un-rotated version. data(mtcars) .PC <- princomp(~am+carb+cyl+disp+drat+gear+hp+mpg, cor=TRUE, data=mtcars) unclass(loadings(.PC)) # component loadings summary(.PC) # proportions of variance mtcars$PC1 <- .PC$scores[,1] # extract un-rotated scores of

Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at

Hi, I am new to samba and Kerberos so please be gentle! I have built a samba AD DC (v4.3.5) on Centos Linux from source and am trying to add a service principal and generate a keytab containing the principal. However the principal entry does not appear in the keytab. Here's what I did: [root at bones ~]# samba-tool spn add GEMSTONE64/bunk.gemtalksystems.com at

...re looking for a principal named "host:port" inside of the certificate presented by the server, instead of just looking for the host as I believe OpenSSH does. e.g. the following error is generated: ssh: handshake failed: ssh: principal "localhost:2022" not in the set of valid principals for given certificate: ["localhost"] Before I ping the bug again, it would be good to get a second opinion as to whether that behaviour is correct or not. Cheers, Adam

I am running a PCA, but would like to rotate my data and limit the number of factors that are analyzed. I can do this using the "principal" command from the psych package [principal(my.data, nfactors=3,rotate="varimax")], but the issue is that this does not report scores for the Principal Components the way "princomp" does. My question is: Can you get an

...ipal name that is in the keytab. > > RFC2743 says: > o desired_name INTERNAL NAME, -- NULL requests locally-determined > -- default > >If you add this change, it should be a configuration option, as >the Kerberos replay cache may not be used, and there might be other >principals in the keytab that are not expected to be used by sshd. > >The sysadmin can also set the KRB5_KTNAME env to point to a specific >keytab before starting sshd if there are any special situations. > > >> > >-- > > Douglas E. Engert DEEngert at anl.gov> > Arg...

...mapd.conf Working on it now. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle > Verzonden: vrijdag 9 oktober 2015 13:34 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] kerberos nfs4's principals and root access > > Ok, not working... > > But found this... > > ( http://users.suse.com/~sjayaraman/nfs4_howto.txt ) > > 4.5 A known issue using NFS with kerberos > _________________________________________ > > Even if "no_root_squash" option is used...

Hello, I need to do a principal component analysis with EQUAMAX-rotation. Unfortunately the function principal() I use normally for PCA does not offer this rotation specification. I could find out that this might be possible somehow with the package GPArotation but until now I could not figure out how to use this in the principal component analysis. Maybe someone can give an example on how to do

...with bind_dlz (bind-9.9.1 - P1) on a multi-homed network. I have configured the setup as per Samba4 Howto. But when I try to do "samba_dnsupdate --all-names" it fails with error: dns_tkey_negotiategss: TKEY is unacceptable The kerberos ticket being used by samba_dnsupdate shows follwoing principals: klist -c /tmp/tmp6cxfgY Ticket cache: FILE:/tmp/tmp6cxfgY Default principal: DB-SERVER$@BOM.MH.IN Service principal krbtgt/BOM.MH.IN DNS/db-server at BOM.MH.IN Whereas the dns.keytab shows following principals (repeated for multiple encryption algorithms) klist -k private/dns.keytab: DNS/db-serv...

...te must include the a user's name > to be accepted for authentication. This change adds the ability to > specify a list of certificate principal names that are acceptable. > > When authenticating using a CA trusted through ~/.ssh/authorized_keys, > this adds a new principals="name1[,name2,...]" key option. > > For CAs listed through sshd_config's TrustedCAKeys option, a new config > option "AuthorizedPrincipalsFile" specifies a per-user file containing > the list of acceptable names. > > If either option is...

Hi OpenSSH devs, I?m wondering if the following has any merit and can be done securely ... If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like /etc/ssh/authorized_keys/sshfwd: cert-authority,principals=?batcha-fwd,batchb-fwd? ... /etc/ssh/sshd_config containing: Match User sshfwd PubkeyAuthentication yes PasswordAuthentication...

AFAIK everything you described here could be done using the AuthorizedKeysCommand or AuthorizedPrincipalsCommand directives. These can emit authorized_keys options (inc. permitopen) as well as the allowed keys/principals. On Sun, 12 Nov 2023, Bret Giddings wrote: > Hi OpenSSH devs, > > I?m wondering if the following has any merit and can be done securely ... > > If you could match o...

Hi, When I have a service on a client that tries to use kerberos and I get errors such as these in the log.samba file: Kerberos: UNKNOWN -- host/ubuntu-test.mydomain.net @ MYDOMAIN.NET: no such entry found in hdb Does this mean that the kerberos authentication system is looking for the principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" in samba4's domain or in the

Hi Rowland, Thanks for your help again. I understand the difference between the UPN (User Principal Name) and the SPN (Service Principal Name). But in your second exemple, you never mention the SPN, neither in the keytab export or in the kinit command. Does that means that there is no kinit possible using the SPN? So I am worried of what is the benefice of adding a SPN to a user instead of

...t as I believe OpenSSH does. > > Darren will know better, since IIRC he added the port specifier to > known_hosts originally. But I believe the behaviour is: > > If the default port is in use then the host principal is just the hostname. > > If a non-default port, then the host principals is "[host]:port". > > If a non-default port is in use and "[host]:port" doesn't match, then > try the plain hostname. Hi Damien, I think we're still talking a bit at cross purposes. My question did not relate to how the known_hosts file is processed (which fro...