similar to: GSSAPI Key Exchange for 4.4p1

Displaying 20 results from an estimated 1000 matches similar to: "GSSAPI Key Exchange for 4.4p1"

2008 Apr 04
0
GSSAPI Key Exchange Patch for OpenSSH 5.0p1 (plus an added extra)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's that time again! There's been another OpenSSH release, and once again, I'm pleased to announce the availability of my GSSAPI Key Exchange patch for it. Whilst OpenSSH contains support for GSSAPI user authentication, this still relies upon SSH host keys to authenticate the server to the user. For sites with a deployed Kerberos
2007 Mar 12
0
GSSAPI Key Exchange Patch for OpenSSH 4.6p1
Hi, I'm pleased to announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.6p1. This patch adds support for the RFC4462 GSSAPI key exchange mechanisms to OpenSSH, along with some minor fixes for the GSSAPI code that is already in the tree. The patch implements: *) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key exchange mechanisms. (#1242) *)
2009 Jul 26
0
GSSAPI Key Exchange Patch for OpenSSH 5.2p1
Somewhat belatedly, I'm pleased to announce the availability of my GSSAPI key exchange patches for OpenSSH 5.2p1. Apologies for the delay in getting these out, a honeymoon, followed by the pressure of work, made the first half of this year rather busy! Whilst OpenSSH contains support for GSSAPI user authentication, this still relies upon SSH host keys to authenticate the server to the
2010 Jan 24
0
GSSAPI Key Exchange Patch for OpenSSH 5.3p1
From the better-late-than-never-department, I'm pleased to announce the availability of my GSSAPI Key Exchange patches for OpenSSH 5.3p1. This is a pretty minor maintenance release - it contains a couple of fixes to take into account changes to the underlying OpenSSH code, and a compilation fix for when GSSAPI isn't required. Thanks to Colin Wilson and Jim Basney for their bug reports.
2007 Sep 27
4
GSSAPI Key Exchange Patch for OpenSSH 4.7p1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm pleased to (finally) announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.7p1. Whilst OpenSSH contains support for doing GSSAPI user authentication, this only allows the underlying security mechanism to authenticate the user to the server, and continues to use SSH host keys to authenticate the server to the
2014 May 25
2
Samba 4 / Kerberos / ssh
I try to get Samba 4 with ssh running. I found in the Script from Matthieu Patou tot he sysvol sync the follwing intresting line. --- kinit -k -t /etc/krb5.keytab `hostname -s | tr "[:lower:]" "[:upper:]"`\$ rsync -X -u -a $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING --- when i understand correct he uses the domain controller service principle to connect to the
2016 Nov 09
6
[Bug 2637] New: GSSAPIStrictAcceptorCheck should default to 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2637 Bug ID: 2637 Summary: GSSAPIStrictAcceptorCheck should default to 'yes' Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: minor Priority: P5 Component: Kerberos support Assignee:
2014 Jan 24
3
[Bug 2198] New: GSSAPIKeyExchange gssapi-keyex bug in kex.c choose_kex()
https://bugzilla.mindrot.org/show_bug.cgi?id=2198 Bug ID: 2198 Summary: GSSAPIKeyExchange gssapi-keyex bug in kex.c choose_kex() Product: Portable OpenSSH Version: 6.4p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: Kerberos support
2008 Oct 14
1
GSSAPI Key Exchange on multi-homed host
>From a security standpoint, if the default keytab (/etc/krb5.keytab) contains only ONE principal, does it matter if GSSAPIStrictAcceptorCheck is set to "yes" or "no"? My company uses an internally built OpenSSH package that includes the GSSAPI Key Exchange patch. Because we have 1000s of hosts, we need to use a "standard" sshd_config file that works for the
2020 Jul 13
0
Authentication with trusted credentials
Louis, could you take a look on my case again? I am not sure that the problem is in incorrect groups. Only trusted credentials don't work. Have you any idea what the reason is? On Mon, 13 Jul 2020 at 19:50, Yakov Revyakin <yrevyakin at gmail.com> wrote: > Some more details. Below is what I have during joining Linux (Ubuntu > 20.04) to the SVITLA3 domain. SVITLA3 (Samba) is
2007 Nov 13
2
Enhanced Kerberos support
The recent addition of auth_gssapi_hostname is a welcome addition, but a little more is needed for multi-homed (or multi-domained) sites. SSH recently added this enhancement to address this common need: GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. If ?yes? then the client must
2020 Oct 02
0
Kerberos ticket lifetime
Ah, and it that server allowed to "forward/exchange" that ticket? Try this on both servers and test again. GSSAPIAuthentication yes GSSAPICleanupCredentials no GSSAPIStrictAcceptorCheck no GSSAPIKeyExchange yes Which you need exaclty, i dont now, but i think you need to look in this area.. Think in this : Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
2006 Aug 18
1
[Bug 928] Kerberos/GSSAPI authentication does not work with multihomed hosts
http://bugzilla.mindrot.org/show_bug.cgi?id=928 simon at sxw.org.uk changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |simon at sxw.org.uk ------- Comment #2 from simon at sxw.org.uk 2006-08-19 08:31 ------- I'd rather see us move towards just using
2020 Jul 13
2
Authentication with trusted credentials
Some more details. Below is what I have during joining Linux (Ubuntu 20.04) to the SVITLA3 domain. SVITLA3 (Samba) is trusting, APEX (AD) is trusted. SVITLA3 has *administrator *and *test01 *users, APEX has *administrator *and *jake *users. test01 - 20000:20000 (uidNumber:gidNumber) jake - 10000:10000 You can see some delay in some places - I marked them bold. It looks like DNS timeouts. The
2006 Mar 06
0
GSSAPI Key Exchange patches for OpenSSH 4.3p2
Patches supporting GSSAPI Key Exchange in OpenSSH 4.3p2 are now available from http://www.sxw.org.uk/computing/patches/openssh.html These patches add support for performing GSSAPI key exchange to the OpenSSH client and server. Whilst OpenSSH contains support for using GSSAPI in the user authentication step, this is inadequate for many sites, as it doesn't provide a mechanism for using
2011 Jan 01
0
New release of GSSAPI Key Exchange patch
[ If you're not familiar with the GSSAPI key exchange patches, or unsure why they make OpenSSH usable in large Kerberos deployments, http://www.sxw.org.uk/computing/patches/openssh.html contains some background information ] Regular readers of these emails will be aware that they've recently all begun with apologies for the delay in producing the patch - this has been down to a poor tool
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2020 Jul 16
0
Authentication with trusted credentials
Hai, I dont use trusts myself, this is what i see. Lets take small steps here. First of all, why does the DOMAIN contains/shows a dot in it. ( i think its a wrong setting in sssd, but i dont know sssd ) I know this is one of your REALMs and not the domain. I refer to : https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and
2008 Feb 22
0
lustre error
Dear All, Yesterday evening or cluster has stopped. Two of our nodes tried to take the resource from each other, they haven''t seen the other side, if I saw well. I stopped heartbeat, resources, start it again, and back to online, worked fine. This morning I saw this in logs: Feb 22 03:25:07 node4 kernel: Lustre: 7:0:(linux-debug.c:98:libcfs_run_upcall()) Invoked LNET upcall
2020 Jul 14
3
Authentication with trusted credentials
Hai, ? Sorry for the late(r) reply but we all need to sleep also sometimes.? ;-) note, i saw its fixed, but i'll do comment a bit through your replies. ? ? mainly because of this part ? this part.? (Sended: monday 13 juli 2020 18:51) > net ads join -U administrator at SVITLA3.ROOM > Enter administrator at SVITLA3.ROOM's password: > Using short domain name -- SVITLA3 >