search for: revocable

https://bugzilla.mindrot.org/show_bug.cgi?id=3659 Bug ID: 3659 Summary: Certificates are ignored when listing revoked items in a (binary) revocation list Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5

Please tell me in technical details how current revocation support works, or give links. Then I will be able to give an answer. On Fri, May 25, 2018 at 7:16 AM, Damien Miller <djm at mindrot.org> wrote: > > > On Fri, 25 May 2018, Yegor Ievlev wrote: > >> Can you implement revocation support? > > What do you want that the existing revocation support lacks?

Hi, I have a smartcard which is revoked in the Certificate Revocation List (CRL) but I can still login. Seams like the CRL check is not performed. Any known bug around this? Server setup: - Samba 4.4 on Debian as AD DC - Created domain MYDOM - smb.conf (extract): tls enabled = yes tls crlfile = tls/mycrl.pem (default is to look under private/ folder) Client setup: - Windows 7 machine as

Hi, already asked in the openssl mailing list, but just in case you already went through this... I need a little help with Certificate Revocation Lists. I did setup client certificates filtering with apache and it seem to work fine so far (used a tutorial on http://www.adone.info/?p=4, down right now). I have a "CA" that is signing a "CA SSL". Then, the "CA SSL" is

https://bugzilla.mindrot.org/show_bug.cgi?id=2328 Bug ID: 2328 Summary: Per-user certificate revocation list (CRL) in authorized_keys Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd

Thanks but I've actually tried that too. Not sure I put it in [kdc] section though, I can try again. Den 21 sep. 2017 20:54 skrev "Andrew Bartlett" <abartlet at samba.org>: > On Thu, 2017-09-21 at 13:01 +0200, Peter L via samba wrote: > > Hi, > > I have a smartcard which is revoked in the Certificate Revocation List > > (CRL) but I can still login. Seams

Can you implement revocation support? On Fri, May 25, 2018 at 6:55 AM, Damien Miller <djm at mindrot.org> wrote: > No way, sorry. > > The OpenSSH certificate format was significantly motivated by X.509's > syntactic and semantic complexity, and the consequent attack surface in > the sensitive pre-authentication paths of our code. We're very happy to > be able to

On Thu, 21 Sep 2017 22:08:51 +0200 Peter L via samba <samba at lists.samba.org> wrote: > Thanks but I've actually tried that too. Not sure I put it in [kdc] > section though, I can try again. > > Den 21 sep. 2017 20:54 skrev "Andrew Bartlett" <abartlet at samba.org>: > > > On Thu, 2017-09-21 at 13:01 +0200, Peter L via samba wrote: > > >

Ah, thank you, obviously this is a bug. Last comment (Łukasz Matyja 2016-04-01) says to have a fix, but how do I know if it has been added to bitbucket/samba? And if so, in which version? Or does the problem remain since the bugzilla case is still there? (Status: New) On Thu, Sep 21, 2017 at 10:52 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Thu, 21 Sep 2017

Hello, this is a little bit off-topic (even if it have to work on CentOS ;-) I'm looking for a tool to manage a small Public Key Infrastructure, with creation/revocation of certificates X.509, export in PKCS#12 format and have the ability to handle CSR (Certificate Signing Request). I've wrote my own script to perform it (openssl command line based): it's a good way to

Hi, As far as I can tell, when working in an environment with many servers, there seem to be several ways for your client to authenticate the HostKeys of each: 1) Set StrictHostKeyChecking=no, and hope you don't get MITM'd the first time you connect to a server. 2) Use SSHFP records (which generally requires you to have DNSSEC fully deployed to be meaningful compared to #1, I think?)

https://bugzilla.mindrot.org/show_bug.cgi?id=3204 Bug ID: 3204 Summary: Enable user-relative revoked keys files Product: Portable OpenSSH Version: 8.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

On Mon, 2018-03-19 at 11:55 +1300, Garming Sam via samba wrote: > Hi, > > Maybe this page might be helpful. I don't know how up to date it is, but > the expectation seems to be that it should be able to work with > alternative forms of authentication (with Kerberos PKINIT). > > https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login Yeah, I think something that

Zero matches in both. https://linux.die.net/man/5/sshd_config https://linux.die.net/man/5/ssh_config On Fri, May 25, 2018 at 7:48 AM, Damien Miller <djm at mindrot.org> wrote: > On Fri, 25 May 2018, Yegor Ievlev wrote: > >> Please tell me in technical details how current revocation support >> works, or give links. Then I will be able to give an answer. > > Please

Hi Daminan! Hmmm... thought about a little... when i use -vvv with ssh-keygen -Qf i see "debug1:..." So i think, debug is compiled in. ssh-keygen --help gives me ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ... so... option -z is not the serial of the certificate, it is the version-number of the KRL-File... My openssh-Verision from Debian is

Hello, I am trying to use the libvirt Java bindings (version 0.4.7) with libvirt version 0.9.12 to connect to a XenServer hypervisor. Virsh is able to connect to my XenServer, but when I try to do the same thing in Java, it won't connect. Here is the debug output: 2012-06-26 19:48:52.259+0000: 26051: info : libvirt version: 0.9.12, package: 1.fc16 (Unknown, 2012-06-26-11:43:53, flynx)

OpenSSH 7.9 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GnuPG's ElGamal signing keys compromised ========================================== Summary ======= Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that

Hi! While reading through PROTOCOL.krl I came across "5. KRL signature sections". If my understanding is correct - and that's basically what I would like to get knocked down for if appropriate ;) - this is a way for SSHDs to ensure they only accept KRLs signed by a trusted CA. However, I cannot seem to find a way to actually _sign_ a KRL with ssh-keygen? The aforementioned

Hi everyone, The Netfilter coreteam PGP key 0xAB4655A126D292E4 expired on November 17th, 2020. Hence, we have generated a new PGP key 0xD55D978A8A1420E4. For more information, please visit: https://www.netfilter.org/about.html#gpg In accordance with good key management practices, we have also generated a revocation certificates for our old PGP key. The revocation certificate for our old PGP key