similar to: Kerberos/GSSAPI auth via .k5login file

Displaying 20 results from an estimated 200 matches similar to: "Kerberos/GSSAPI auth via .k5login file"

2012 Jun 04
3
Update .k5login with Puppet
Hi, can you anyone suggest me how can i update .k5login to append new entry or remove existing line when i tried using k5login { ''/root/.k5login'': ensure => present, path => ''/root/.k5login'', principals => ''dhaval@MYREALM.COM'', } it completelty removes all lines form k5login and put
2013 Jan 16
5
[Bug 2063] New: RFE: export principal which was used for .k5login
https://bugzilla.mindrot.org/show_bug.cgi?id=2063 Bug ID: 2063 Summary: RFE: export principal which was used for .k5login Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:
2013 May 09
1
Crossrealm Kerberos problems
I am running dovecot 2.1.7 on Debian Squeeze 64 bit, config information at the end of the email. I am working on a Kerberos/GSSAPI based setup that requires cross-realm authentication. I have regular GSSAPI working, I can log in using pam_krb5 with password based logins or with the GSSAPI support when using a kerberos ticket in the default realm. However when I attempt to authenticate using
2001 Jun 28
1
Adding 'name' key types
Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide
2019 Oct 04
2
authorized_principals for Kerberos authentication
Hello, SSH supports ~/.ssh/authorzied_keys for SSH keys and ~/.ssh/authorized_principals for X509 certs. I could not find an equivalent of authorzied_keys using Kerberos authentication. IMHO it should be possible using the Kerberos principal very much like the principal contained inside a X509 certificate. My main use case is assigning a specific command to a user logging in using Kerberos
2009 Nov 23
1
Anonymous SSL Ciphers
Everyone, I am having an issue with getting anonymous ssl ciphers disabled in dovecot. I have googled like crazy to find the solution with no help. Here is my doveconf -n # 1.2.5: /etc/dovecot.conf # OS: Linux 2.6.18-92.el5 x86_64 CentOS release 5.2 (Final) nfs log_path: /var/log/dovecot ssl_cert_file: /etc/ssl/islandemail.com.wild.cert ssl_key_file: /etc/ssl/islandemail.com.wild.key
2006 Nov 07
1
Store outgoing mail in users mailbox
This might be a MTA question, but because I use Dovecot as an LDA, maybe some can help me here. Our users would like that outgoing mail is automatically saved in some folder, say Sent. We use Postfix with virtual domains, Maildir and Dovecot+Sieve as LDA. Outgoing mail is relayed by our imap-server (with authentification of course, no open relay). Most people seem to advice Postfix
2020 Jul 23
1
krb5_kt_start_seq_get failed (Permission denied)
Try this : #source: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1484262 Add in /etc/krb5.conf in [libdefaults] ignore_k5login = true Did it help? If (as in my case) root is not allowed in the user homdirs it can validateon $HOME/.k5login Above fixed it for me. I only cant tell based on the config if this applies to you. Its a simple thing to try. Greetz, Louis
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and other principal names in authorized_keys entries. It's a sort of replacement for .klogin and .k5login, but it's much more general than .k*login as it applies to any authentication mechanism where a name is associated with the ssh client and it supports name patterns and all the normal authorized_keys entry options
2011 Oct 19
5
doveadm segfaults on TCP connect - version 2.0.15
Hi list, I just recently installed Dovecot 2.0.15. Unfortunately, doveadm segfaults when I attempt to connect to the local dovecot instance. When this occurs, my logs show: 2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client not compatible with this server (mixed old and new binaries?) I am using the settings listed on the wiki page http://wiki2.dovecot.org/Director [root
2009 Nov 05
2
Worker-server timeout
Hello Everyone, First wanted to say thanks for any help in advance. I have a clustered mail system each running on centos 5.2. I have a test box that I am running the newest version on dovecot on and I am getting some random authnication failed errors. Here is the error below: Nov 04 17:31:22 auth(default): Error: worker-server(xxx at xxxx.com): Aborted: Lookup timed out Nov 04 17:31:23
2007 Sep 30
2
Central principal->user@host management?
[Apologies if this is an off-topic question; please direct me to a more appropriate place if so.] Using Kerberos/GSSAPIAuthentication, is there a way to centrally control/manage (perhaps using LDAP?) which user principals can log into what hosts/accounts? -- Jos Backus jos at catnook.com
2014 Feb 20
0
samba4 success/failure report...all's working despite kerberized ssh
Just a tip... is all server have same time ? not sure that will help you.. ----------------------------------- St?phane PURNELLE Admin. Syst?mes et R?seaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-technical-bounces at lists.samba.org wrote on 20/02/2014 10:46:38: > De : Georg Hopp <georg at steffers.org> > A : Sumit
2006 Aug 28
10
Templates and arrays
I''m in the process of documenting templates right now, and I figured I should see what happens when you use them with arrays: $ cat ~/bin/test.pp $values = [this, is, an, array, of, values] $content = template("/tmp/templates/testing.erb") file { "/tmp/temtest": content => $content } $ cat /tmp/templates/testing.erb <% values.each do |val| %> I got
2018 Oct 10
1
NFSv4, homes, Kerberos...
Thank you for that, i did have a good look at that one. And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine. Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled. And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny
2011 Apr 21
6
ssh_authorized_key fails when home directory doesn't exist
Here is my situation: 1. We use Active directory (LDAP) to store all user info which is retrieved from linux 2. A home directory is not created until the first time the user logs into the linux system I am using the ssh_authorized_key type to push out my ssh keys to every system. However, because I haven''t logged into every system at least once. Puppet errors out due to a missing
2005 Jul 07
2
openssh and kerb 1.4.1 not so happy together
Folks, I seem to have a problem when I upgraded our kerberos from 1.3.1 to 1.4.1 (MIT krb 5), all of a sudden I can't ssh as another user. i.e. ssh host works but ssh joe at host doesn't work. Same with scp's. I've tried recompiling ssh (even though the so-name of kerb libs didn't change), but it didn't work, and still no go... I'm using openssh 3.9p1 on Solaris
2005 Nov 27
3
OpenSSH and Kerberos / Active Directory authentication problems: Credentials cache permission incorrect / No Credentials Cache found
Greetings, I'm working on the infrastructure of a medium size client/server environment using an Active Directory running on Windows Server 2003 for central authentication of users on linux clients. Additionally OpenAFS is running using Kerberos authentication through Active Directory as well. Now I want to grant users remote access to their AFS data by logging in into a central OpenSSH
2002 Jan 25
0
[Bug 78] New: Support use of named (krb4, krb5, gsi, x.509) keys in auth_keys entries
http://bugzilla.mindrot.org/show_bug.cgi?id=78 Summary: Support use of named (krb4, krb5, gsi, x.509) keys in auth_keys entries Product: Portable OpenSSH Version: 3.0.2p1 Platform: All URL: http://marc.theaimsgroup.com/?l=openssh-unix- dev&m=101189381805982&w=2 OS/Version: All
2009 Mar 03
0
GSSAPI cross-realm still broken
I've been trying to track down some problems with Dovecot in a Kerberos 5 cross-realm environment, and there seem to be a few issues. LOGIN/PLAIN work fine using pam_krb5, but GSSAPI is a bit harder to handle. On line 436 of src/auth/mech-gssapi.c, the authn_name and the authz_name are compared using gss_compare_name. This dates back to the message at: