Displaying 20 results from an estimated 10000 matches similar to: "GSSAPI credentials deletion"
2020 Jul 13
0
Authentication with trusted credentials
Louis, could you take a look on my case again?
I am not sure that the problem is in incorrect groups.
Only trusted credentials don't work. Have you any idea what the reason is?
On Mon, 13 Jul 2020 at 19:50, Yakov Revyakin <yrevyakin at gmail.com> wrote:
> Some more details. Below is what I have during joining Linux (Ubuntu
> 20.04) to the SVITLA3 domain. SVITLA3 (Samba) is
2003 Dec 10
1
GSSAPICleanupCredentials vs GSSAPICleanupCreds
In 3.7.1p2, the sshd_config manpage talks about GSSAPICleanupCredentials, while
servconf.c uses GSSAPICleanupCreds. Here is a patch:
--- openssh-3.7.1p2/servconf.c.orig 2003-12-10 10:43:52.000000000 -0200
+++ openssh-3.7.1p2/servconf.c 2003-12-10 10:44:13.000000000 -0200
@@ -310,10 +310,10 @@
{ "afstokenpassing", sUnsupported },
#ifdef GSSAPI
{
2020 Jul 16
0
Authentication with trusted credentials
Hai,
I dont use trusts myself, this is what i see.
Lets take small steps here.
First of all, why does the DOMAIN contains/shows a dot in it.
( i think its a wrong setting in sssd, but i dont know sssd )
I know this is one of your REALMs and not the domain.
I refer to :
https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and
2007 Apr 30
0
GSSAPI credentials delegation fails with a segfault
Hi,
I'm trying to use the GSSAPIDelegateCredentials function to forward my
kerberos 5 tickets.
Authentication with GSSAPI/Kerberos 5 works fine, I can log in to the
server when I have valid tickets on my client.
But when I turn on GSSAPIDelegateCredentials I get "Connection reset by
peer" at the client side.
At the server side, I have been able to see that the user process gets a
2012 Jul 09
2
How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?
Hi,
I am doing some kerberos testing with samba4 using ssh. I have setup
samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and
active directory seems to be working both with Windows and Linux clients.
ssh unfortunately is not kerberos authenticating via GSSAPI. The client
krb5.conf contains this:
=====================================================
[libdefaults]
2004 Dec 02
1
[Bug 958] patch to support GSI GSSAPI mechanism
http://bugzilla.mindrot.org/show_bug.cgi?id=958
Summary: patch to support GSI GSSAPI mechanism
Product: Portable OpenSSH
Version: 3.9p1
Platform: All
URL: http://grid.ncsa.uiuc.edu/ssh/
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Miscellaneous
2004 Oct 25
1
[Bug 944] ssh_config missing default configuration values for GSSAPI
http://bugzilla.mindrot.org/show_bug.cgi?id=944
Summary: ssh_config missing default configuration values for
GSSAPI
Product: Portable OpenSSH
Version: 3.9p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at
2020 Jul 13
2
Authentication with trusted credentials
Some more details. Below is what I have during joining Linux (Ubuntu 20.04)
to the SVITLA3 domain. SVITLA3 (Samba) is trusting, APEX (AD) is trusted.
SVITLA3 has *administrator *and *test01 *users, APEX has *administrator *and
*jake *users.
test01 - 20000:20000 (uidNumber:gidNumber)
jake - 10000:10000
You can see some delay in some places - I marked them bold. It looks like
DNS timeouts.
The
2005 Feb 21
6
OpenSSH+GSSAPI & HP/UX 11i...
I am trying to transition several HP/UX 11i (PA/RISC) servers from
ssh.com over to OpenSSH+GSSAPI (3.9p1) and it's complaining about the
GSSAPI include files:
-=-
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.
-I/usr/local/ssl/include -D_HPUX_SOURCE -D_XOPEN_SOURCE
-D_XOPEN_SOURCE_EXTENDED=1 -I/usr/local/krb5/include
-DSSHDIR=\"/usr/local/etc\"
2009 May 23
2
Memory leak caused by forwarded GSSAPI credential store
Hi guys
While debugging a GSSAPI memory allocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following:
In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls
2009 May 23
7
[Bug 1601] New: Memory leak caused by forwarded GSSAPI credential store
https://bugzilla.mindrot.org/show_bug.cgi?id=1601
Summary: Memory leak caused by forwarded GSSAPI credential
store
Product: Portable OpenSSH
Version: 5.2p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at
2011 Jun 21
1
tkey-gssapi-credential and bind (Samba4)
So I am in step 10 of the samba4 howto
(https://wiki.samba.org/index.php/Samba4/HOWTO#Step_10_Configure_kerberos_DNS_dynamic_updates);
my bind9 is 9.7.3 which seems to be current enough for this. In it we
are to add
tkey-gssapi-credential "DNS/samdom.example.com";
tkey-domain "SAMDOM.EXAMPLE.COM";
to /etc/bind/named.conf.options. Since my test domain is
test.domain.com,
2014 May 25
2
Samba 4 / Kerberos / ssh
I try to get Samba 4 with ssh running.
I found in the Script from Matthieu Patou tot he sysvol sync the follwing intresting line.
---
kinit -k -t /etc/krb5.keytab `hostname -s | tr "[:lower:]" "[:upper:]"`\$
rsync -X -u -a $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING
---
when i understand correct he uses the domain controller service principle to connect to the
2017 Nov 01
0
Winbind, Kerberos, SSH and Single Sign On
I can suggest a few things.
krb5.conf ( if you use nfsv4 with kerberized mounts _
[libdefaults]
ignore_k5login = true in
But, it does not look like it in you logs your useing kerberized mounts.
Im missing in SSHD_config :
UseDNS yes
And the defaults :
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
Are sufficient for a normal ssh kerberized login.
Optional,
2017 Nov 02
2
Winbind, Kerberos, SSH and Single Sign On
Hi,
thanks for your hints. DNS, /etc/resolf.conf, /ets/hosts seem to be
correct. I'm able to do a kerberized ssh with a user from
subdom2.subdom1.example.de (testuser at SUBDOM2.SUBDOM1.EXAMPLE.DE) But I'm
not able to do the same with a user from example.de (user1 at EXAMPLE.DE).
--
Regards,
Andreas
Am 01.11.2017 um 10:51 schrieb L.P.H. van Belle via samba:
> I can suggest a few
2019 Jan 18
1
SSH SSO without keytab file
Thanks for the prompt reply!
> I did see that you are using Administrator, and thats the problem.
> Administrator is mapped to root ( most of the time ),
> if you assigned Administrator UID = 0 then you have a problem, because only root = uid 0.
>
> Never ever give Administrator a UID/GID
I am using tdb backend. It mapped administrator account to 12000:10000.
> So try again
2004 Sep 12
1
[Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
http://bugzilla.mindrot.org/show_bug.cgi?id=928
Summary: Kerberos/GSSAPI authentication does not work with
multihomed hosts
Product: Portable OpenSSH
Version: -current
Platform: Other
URL: http://marc.theaimsgroup.com/?l=openssh-unix-
dev&m=108008882620573
OS/Version: All
2006 Dec 14
1
Problems using gssapi authentication from FreeBSD to Linux machines
Hi all,
I'm really struggling with getting Kerberos authentication to work
between a FreeBSD host and a Linux host. I'm using the latest 6-
STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens
(verified with "klist -f") and Kerberos and ssh are working fine in
all other ways, but I can't get the Linux box to accept the Kerberos
ticket as
2013 Sep 23
0
GSSAPI headers
FreeBSD has both <gssapi.h> and <gssapi/gssapi.h>, but the former is a
wrapper that prints a warning before including the latter. This is a
problem when building with -Werror. This patch reverses the order of
preference so <gssapi/gssapi.h> wins over <gssapi.h>.
Index: ssh-gss.h
===================================================================
--- ssh-gss.h (revision
2015 Sep 02
3
[Bug 2456] New: gssapi-keyex blocked by PermitRootLogin=without-password
https://bugzilla.mindrot.org/show_bug.cgi?id=2456
Bug ID: 2456
Summary: gssapi-keyex blocked by
PermitRootLogin=without-password
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd