Displaying 20 results from an estimated 1000 matches similar to: "openssh and kerb 1.4.1 not so happy together"
2003 May 16
2
OpenSSH and KerbV
Is something special required for KerbV auth to work? I've enabled:
KerberosAuthentication yes
on some test boxes and it doesn't work. I do a kinit, and then ssh
and it asks for a password. If you don't provide one, you don't get
in.
2004 Feb 09
4
Some GSSAPI/Kerberos Questions
After reading some more from the archives, a private email, and some
general research, I see that KerbV support has been dropped in favor
of GSSAPI.
Which is fine, and wonderful, I support GSSAPI.
But, erm, the announcement says, "This release contains some GSSAPI
user authentication support to replace legacy KerberosV authentication
support. At present this code is still considered
2004 Jul 22
2
Potential Patch
Hey folks,
Here at USC we have a few changes we make to the source code for various
reasons -- and we have to make them for each new version. I always shrugged
off sending a patch in because the changes felt very internal, but the more I
think about it, the more I think perhaps they would be good for the main tree.
Additionally, the more of this that gets into the main tree the easier
upgrades
2004 Dec 06
1
[Patch] Makefile.in, new install-nosysconf target
For various reasons, it makes our life easier at USC to have a
'install-nosysconf' target much like the install-nokeys target that was added
a while back.
I mentioned this a few months back on this list and people seemed to think it
wouldn't be a problem to get it into the mainline tree.
I've attached the patch -- it should keep 100% backwards compatibility.
Thanks.
--
Phil
2004 Dec 13
1
Status of Sun BSM/Auditd Support ?
Hey folks,
About a year ago it was pointed out to me there was BSM support in CVS that
would hopefully make it into a release soon. I had a look over it and it looks
like it covers everything (it certainly covers more than the 3 or 4 things we
do here at USC).
So I'm wondering what the status of that is? Is it planned for a release soon?
Are there issues with it? This is a really big feature
2004 Feb 07
0
TGT Passing in 3.7
I noticed that it appears KerbV tgt passing seems to have disappeared in
the 3.7 release. Was this dropped, or is it planned to come back? Was
there a reason it disappeared? I looked through the archives but
couldn't find much.
Thanks,
--
Phil Dibowitz phil at ipom.com
Freeware and Technical Pages Insanity Palace of Metallica
2005 Aug 23
1
openssh-unix-dev Digest, Vol 28, Issue 10
On Tue, Aug 23, 2005 at 03:10:45PM +1000, openssh-unix-dev-request at mindrot.org wrote:
> Date: Fri, 19 Aug 2005 17:56:19 +1000
> From: Darren Tucker <dtucker at zip.com.au>
> Subject: Re: OpenSSH sget/sput suggestion
> To: CRX Driver <crxssi at hotmail.com>
> Cc: openssh-unix-dev at mindrot.org
> Message-ID: <430590A3.1090506 at zip.com.au>
> Content-Type:
2003 Jun 07
1
openssh reading only SOME ssh1 hostkeys from ssh.com ssh
Hey folks, I've asked this on the security focus mailing list, but no
one seems to know...
I'm in the process of moving my company from old crufty ssh.com ssh1 to
openssh.
On most of our hosts, we've created rsa and dsa keys but managed to KEEP
the old rsa1 key...
However, on a few hosts, openssh has been unable to read the old rsa1
key and has claimed:
debug1: Unsupported
2003 May 06
1
logging command line execs
Hey folks,
As part of a local change, we like to authlog the commands executed via
command line, i.e.:
ssh user at host "somecommand"
And I was able to modify session.c like so:
--------------------------------------
case SSH_CMSG_EXEC_CMD:
if (type == SSH_CMSG_EXEC_CMD) {
command = packet_get_string(&dlen);
2007 Jan 09
0
Winbind / kerb eros
hi'
Ive followed the steps from http://weblog.bignerdranch.com/?p=6
<http://weblog.bignerdranch.com/?p=6&page=2> &page=2 and
http://forums.fedoraforum.org/showthread.php?t=92804
I'm trying to login as a domain user in x (gdm)
If a boot the pc and try to login i get the following error in
/var/log/messages:
Jan 9 13:10:35 zgltsp03 gdm(pam_unix)[2812]: check pass; user
2012 Jun 04
3
Update .k5login with Puppet
Hi,
can you anyone suggest me how can i update .k5login to append new entry or
remove existing line
when i tried using
k5login { ''/root/.k5login'':
ensure => present,
path => ''/root/.k5login'',
principals => ''dhaval@MYREALM.COM'',
}
it completelty removes all lines form k5login and put
2013 May 09
1
Crossrealm Kerberos problems
I am running dovecot 2.1.7 on Debian Squeeze 64 bit, config information
at the end of the email.
I am working on a Kerberos/GSSAPI based setup that requires cross-realm
authentication. I have regular GSSAPI working, I can log in using
pam_krb5 with password based logins or with the GSSAPI support when
using a kerberos ticket in the default realm.
However when I attempt to authenticate using
2012 Dec 28
1
Kerberos/GSSAPI auth via .k5login file
Hi, we are currently moving our mailserver to a new server with Dovecot,
virtual users in LDAP, Passwords in Kerberos Setup. Everything works
fine except for GSSAPI which seems to be a bit buggy.
The thing is, that when using a .k5login [1] file it seems that SASL
does not get passed the home directory specified userdb. In other words,
mails for user1 (see below) are stored in
2019 Oct 04
2
authorized_principals for Kerberos authentication
Hello,
SSH supports ~/.ssh/authorzied_keys for SSH keys and
~/.ssh/authorized_principals for X509 certs.
I could not find an equivalent of authorzied_keys
using Kerberos authentication.
IMHO it should be possible using the Kerberos principal
very much like the principal contained inside a X509
certificate.
My main use case is assigning a specific command to
a user logging in using Kerberos
2020 Feb 19
2
[Bug 3123] New: PermitOpen does not allow wildcards for hosts despite what docs say
https://bugzilla.mindrot.org/show_bug.cgi?id=3123
Bug ID: 3123
Summary: PermitOpen does not allow wildcards for hosts despite
what docs say
Product: Portable OpenSSH
Version: 7.2p2
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
2001 Nov 07
1
what's the deal with openssh-3.0p1 and kerberos5?
The openssh-3.0 announcement said:
(...)
3) improved Kerberos support in protocol v1 (KerbIV and KerbV)
(...)
This seems to imply at least some krb5 support, but there is nothing
new in ./configure --help about it. Grepping the source, I see many
references to #ifdef KRB5. Trying to enable it manually (a #define
in config.h) gives errors about a missing krb5_auth_con_setaddrs_from_fd,
which I
2006 Jan 17
0
file_column with both root_path and store_dir
I store my file_column database outside of my RAILS_ROOT.
It seems to work in real life, but not in tests.
In the tests, I can''t set both the root_path and the store_dir. In
tests, setting the store_dir option will override the root_path
option. The only way for root_path to work is to remove store_dir. I
think the problem is in file_column.rb on line 22:
options[:store_dir]
2012 Aug 19
0
Samba4: The mit list insist that file server and DC must be one and the same
steve wrote:
>
> My only remaining question is that to open port 22 on the file server,
> I've had to open all the other ports otherwise I could not kinit or
> anything else. Could you/is there a list of ports which need to be
> open for a S3 fileserver which is also a nfs server to be able to
> communicate to the rest of the LAN without all ports being opened?
>
>
2018 Jun 26
1
4.5 -> 4.8 samba fails to start
Hi Rowland,
Thanks for your explanation.
We have set up Samba to authenticate users against an external MIT
Kerberos server and usernames match those in Unix password files.
The setup was almost exactly like the Ubuntu help page:
https://help.ubuntu.com/community/Samba/Kerberos#MIT_Kerberos
There are others who have also set up Samba this way:
2007 Sep 30
2
Central principal->user@host management?
[Apologies if this is an off-topic question; please direct me to a more
appropriate place if so.]
Using Kerberos/GSSAPIAuthentication, is there a way to centrally
control/manage (perhaps using LDAP?) which user principals can log into what
hosts/accounts?
--
Jos Backus
jos at catnook.com