similar to: Kerberos Books/Documents

I have a kerberized SSHD installed on HOST-1, a login server for the outside world. How can I make it so users are still authenticated via kerberos, even though they haven't yet received a ticket? The main reason for this is that a user who is at home, no vpn, but has an ssh client could then login and be authenticated by kerberos using password authentication, get a ticket, then be allowed

Just curious. I'd like to move up to 3.1px since there are security updates associated with it. Also, any pointers on implementing an kerberized external login server would be helpful. TIA -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin at coremetrics.com "It is the part of a good shepherd to shear his flock, not to skin it." Latin

forwarding at all, or it's been turned off in /etc/ssh/sshd_config. To find out you're IP that you're coming from, use www.whatismyip.com it will tell you what you're IP is. Either that or who -l should show you as well, when you're ssh'd into the system.(the one that the VPN is talking to) On Fri, 2002-05-31 at 17:05, Kerl, Andreas wrote: > No "ssh -X

forwarding at all, or it's been turned off in /etc/ssh/sshd_config. To find out you're IP that you're coming from, use www.whatismyip.com it will tell you what you're IP is. Either that or who -l should show you as well, when you're ssh'd into the system.(the one that the VPN is talking to) On Fri, 2002-05-31 at 17:05, Kerl, Andreas wrote: > No "ssh -X

forwarding at all, or it's been turned off in /etc/ssh/sshd_config. To find out you're IP that you're coming from, use www.whatismyip.com it will tell you what you're IP is. Either that or who -l should show you as well, when you're ssh'd into the system.(the one that the VPN is talking to) On Fri, 2002-05-31 at 17:05, Kerl, Andreas wrote: > No "ssh -X

Are there any patches to enable Krb5 for OpenSSH? I'm trying to get a proof of concept done so I can eventually roll Krb5 and OpenSSH out as our primary AA infrastructure and I'm having a hard time of it. Can someone point me to info to help? -- Austin Gonyou Systems Architect Coremetrics, Inc. Phone: 512-796-9023 email: austin at coremetrics.com

OpenSSH 2.9p2 portable doesn't seem to like files >2GB. Is there an option for this, or a way to enable file transfers of files >2GB using scp or sftp? TIA -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin at coremetrics.com "It is the part of a good shepherd to shear his flock, not to skin it." Latin Proverb

Just curious. There seems to be an awful lot in the source, but no actual configure option. Please advise. -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin at coremetrics.com "It is the part of a good shepherd to shear his flock, not to skin it." Latin Proverb

No "ssh -X hostname" doesn't work. But when you "export DISPLAY=..." it works!? I set the the Display Hack so that I can see my IP with "env" or "echo SSH_CLIENT" when I'm connect via VPN-Tunnel and I don't know my IP in the Net I'm connected through. Andreas Kerl ----------------------------------------- DTS Medien GmbH Heidestrasse 38

I can't seem to login with only a TGS? (i.e. no password) Do I need another patch to have that part work? Password auth seems to be working against the KDC just fine. TIA. -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin at coremetrics.com "One ought never to turn one's back on a threatened danger and try to run away from it. If you do

Is there something like this that's possible? Maybe by wrapping sftp-server or some such thing? -- Austin Gonyou <austin at coremetrics.com> Coremetrics, Inc.

I was under the impression it was just compatibility, and not actually built-in, but I thought I'd ask here and just make sure of what I'm saying. :) TIA. -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin at coremetrics.com "It is the part of a good shepherd to shear his flock, not to skin it." Latin Proverb -------------- next part

I was wondering if anyone would find the syntax: ssh://someuser at host#port or even as simple as ssh://somehost#port useful? -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin at coremetrics.com "One ought never to turn one's back on a threatened danger and try to run away from it. If you do that, you will double the danger. But if you meet

Thanks to Simon Wilkinson for getting Kerberos working in OpenSSH. Changes: *openssh.spec file has been updated to use the kerberos patches based on the existence of krb5-devel rpm *added sshd-krb5.pam to contrib/redhat. This file enables the sshd to accept password auth, and check the password against the KDC. *Bumped the OpenSSH rpm build version to 3. *added sshd-krb5.pam install to

What is the target version for all the KRB5 bits to be in place. I know there is very much in place right now, but I remember someone mentioning there was just a GSSAPI/MITKRB5 patch being waited for. TIA. -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin at coremetrics.com "One ought never to turn one's back on a threatened danger and try

> > When I try to > > access even an already-mounted NFS directory to which I have permission, > > gssproxy complains: > > > > Jul 10 08:55:51 smb gssproxy: gssproxy[1469]: (OID: { 1 2 840 113554 1 2 > 2 > > }) Unspecified GSS failure. Minor code may provide more information, > > Client 'host/smb.soe.ucsc.edu at AD.SOE.UCSC.EDU' not found in

Could all those who were having problems with utmp logging on Solaris please try the test release at: http://violet.ibs.com.au/openssh/files/test/openssh-TEST-2000053100.tar.gz Users on other platforms, particularly HP/UX, AIX and SCO are invited as well, to test compatibility. The login code is heaps cleaner now. -d -- | "Bombay is 250ms from New York in the new world order" -

Hi, I'm new to the list (and samba). It's a great technology and I look forward to learning more about it. I have an OS X Server that utilizes the built-in Samba to allow for Windows client connectivity. The OSXS gets the majority of its users from an LDAP server elsewhere on the campus. On OSXS, it's expected that the Windows users will be local or that the server will be a

Hi, I've been working on some systems trying to get kerberized nfsv4 and kerberized web services going on 7. Kerberized nfsv4 was working with 7.0, but with the 7.1 release it stopped working, the key difference between the two setups is that gssproxy wasn't being used with 7.0, but seems to be key with 7.1. The problem I am encountering with Kerberized NFSv4 is that the directory will

I agree that this sounds like, and indeed is, a recipe for disaster. I was going to explain some of the woes of our environment but I don't think it's actually relevant after looking at my problem a bit more. If I'm way off base I'm happy to be herded back, but please tolerate me as I share what I am seeing today because I really hope to solve the narrow issue of SMB file access