Displaying 20 results from an estimated 200 matches similar to: "Kerberos/GSSAPI auth via .k5login file"
2012 Jun 04
3
Update .k5login with Puppet
Hi,
can you anyone suggest me how can i update .k5login to append new entry or
remove existing line
when i tried using
k5login { ''/root/.k5login'':
ensure => present,
path => ''/root/.k5login'',
principals => ''dhaval@MYREALM.COM'',
}
it completelty removes all lines form k5login and put
2013 Jan 16
5
[Bug 2063] New: RFE: export principal which was used for .k5login
https://bugzilla.mindrot.org/show_bug.cgi?id=2063
Bug ID: 2063
Summary: RFE: export principal which was used for .k5login
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2013 May 09
1
Crossrealm Kerberos problems
I am running dovecot 2.1.7 on Debian Squeeze 64 bit, config information
at the end of the email.
I am working on a Kerberos/GSSAPI based setup that requires cross-realm
authentication. I have regular GSSAPI working, I can log in using
pam_krb5 with password based logins or with the GSSAPI support when
using a kerberos ticket in the default realm.
However when I attempt to authenticate using
2001 Jun 28
1
Adding 'name' key types
Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I
noticed that there is a bit of functionality missing from
OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using
GSS authentication.
Yes, ~/.k5login can be used to grant access to an account for
applications that support Kerberos, as does OpenSSH with those GSS
patches, but .k5login does not and cannot provide
2019 Oct 04
2
authorized_principals for Kerberos authentication
Hello,
SSH supports ~/.ssh/authorzied_keys for SSH keys and
~/.ssh/authorized_principals for X509 certs.
I could not find an equivalent of authorzied_keys
using Kerberos authentication.
IMHO it should be possible using the Kerberos principal
very much like the principal contained inside a X509
certificate.
My main use case is assigning a specific command to
a user logging in using Kerberos
2009 Nov 23
1
Anonymous SSL Ciphers
Everyone,
I am having an issue with getting anonymous ssl ciphers disabled in dovecot. I have googled like crazy to find the solution with no help.
Here is my doveconf -n
# 1.2.5: /etc/dovecot.conf
# OS: Linux 2.6.18-92.el5 x86_64 CentOS release 5.2 (Final) nfs
log_path: /var/log/dovecot
ssl_cert_file: /etc/ssl/islandemail.com.wild.cert
ssl_key_file: /etc/ssl/islandemail.com.wild.key
2006 Nov 07
1
Store outgoing mail in users mailbox
This might be a MTA question, but because I use Dovecot as an LDA, maybe
some can help me here.
Our users would like that outgoing mail is automatically saved in some
folder, say Sent. We use Postfix with virtual domains, Maildir and
Dovecot+Sieve as LDA. Outgoing mail is relayed by our imap-server (with
authentification of course, no open relay).
Most people seem to advice Postfix
2020 Jul 23
1
krb5_kt_start_seq_get failed (Permission denied)
Try this :
#source: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1484262
Add in /etc/krb5.conf in [libdefaults]
ignore_k5login = true
Did it help?
If (as in my case) root is not allowed in the user homdirs it can validateon $HOME/.k5login
Above fixed it for me.
I only cant tell based on the config if this applies to you.
Its a simple thing to try.
Greetz,
Louis
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and
other principal names in authorized_keys entries.
It's a sort of replacement for .klogin and .k5login, but it's much more
general than .k*login as it applies to any authentication mechanism
where a name is associated with the ssh client and it supports name
patterns and all the normal authorized_keys entry options
2011 Oct 19
5
doveadm segfaults on TCP connect - version 2.0.15
Hi list,
I just recently installed Dovecot 2.0.15. Unfortunately, doveadm segfaults
when I attempt to connect to the local dovecot instance. When this occurs,
my logs show:
2011-10-19T12:31:23-07:00 mail02 dovecot: doveadm: Error: doveadm client
not compatible with this server (mixed old and new binaries?)
I am using the settings listed on the wiki page
http://wiki2.dovecot.org/Director
[root
2009 Nov 05
2
Worker-server timeout
Hello Everyone,
First wanted to say thanks for any help in advance.
I have a clustered mail system each running on centos 5.2. I have a
test box that I am running the newest version on dovecot on and I am
getting some random authnication failed errors. Here is the error below:
Nov 04 17:31:22 auth(default): Error: worker-server(xxx at xxxx.com):
Aborted: Lookup timed out
Nov 04 17:31:23
2007 Sep 30
2
Central principal->user@host management?
[Apologies if this is an off-topic question; please direct me to a more
appropriate place if so.]
Using Kerberos/GSSAPIAuthentication, is there a way to centrally
control/manage (perhaps using LDAP?) which user principals can log into what
hosts/accounts?
--
Jos Backus
jos at catnook.com
2014 Feb 20
0
samba4 success/failure report...all's working despite kerberized ssh
Just a tip...
is all server have same time ?
not sure that will help you..
-----------------------------------
St?phane PURNELLE Admin. Syst?mes et R?seaux
Service Informatique Corman S.A. Tel : 00 32 (0)87/342467
samba-technical-bounces at lists.samba.org wrote on 20/02/2014 10:46:38:
> De : Georg Hopp <georg at steffers.org>
> A : Sumit
2006 Aug 28
10
Templates and arrays
I''m in the process of documenting templates right now, and I figured
I should see what happens when you use them with arrays:
$ cat ~/bin/test.pp
$values = [this, is, an, array, of, values]
$content = template("/tmp/templates/testing.erb")
file { "/tmp/temtest": content => $content }
$ cat /tmp/templates/testing.erb
<% values.each do |val| %>
I got
2018 Oct 10
1
NFSv4, homes, Kerberos...
Thank you for that, i did have a good look at that one.
And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine.
Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled.
And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny
2011 Apr 21
6
ssh_authorized_key fails when home directory doesn't exist
Here is my situation:
1. We use Active directory (LDAP) to store all user info which is retrieved from linux
2. A home directory is not created until the first time the user logs into the linux system
I am using the ssh_authorized_key type to push out my ssh keys to every system. However, because I haven''t logged into every system at least once. Puppet errors out due to a missing
2005 Jul 07
2
openssh and kerb 1.4.1 not so happy together
Folks,
I seem to have a problem when I upgraded our kerberos from 1.3.1 to 1.4.1 (MIT
krb 5), all of a sudden I can't ssh as another user.
i.e.
ssh host
works but
ssh joe at host
doesn't work. Same with scp's.
I've tried recompiling ssh (even though the so-name of kerb libs didn't
change), but it didn't work, and still no go... I'm using openssh 3.9p1 on
Solaris
2005 Nov 27
3
OpenSSH and Kerberos / Active Directory authentication problems: Credentials cache permission incorrect / No Credentials Cache found
Greetings,
I'm working on the infrastructure of a medium size client/server
environment using an Active Directory running on Windows Server 2003 for
central authentication of users on linux clients.
Additionally OpenAFS is running using Kerberos authentication through
Active Directory as well.
Now I want to grant users remote access to their AFS data by logging in
into a central OpenSSH
2002 Jan 25
0
[Bug 78] New: Support use of named (krb4, krb5, gsi, x.509) keys in auth_keys entries
http://bugzilla.mindrot.org/show_bug.cgi?id=78
Summary: Support use of named (krb4, krb5, gsi, x.509) keys in
auth_keys entries
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: All
URL: http://marc.theaimsgroup.com/?l=openssh-unix-
dev&m=101189381805982&w=2
OS/Version: All
2009 Mar 03
0
GSSAPI cross-realm still broken
I've been trying to track down some problems with Dovecot in a Kerberos
5 cross-realm environment, and there seem to be a few issues.
LOGIN/PLAIN work fine using pam_krb5, but GSSAPI is a bit harder to
handle.
On line 436 of src/auth/mech-gssapi.c, the authn_name and the
authz_name are compared using gss_compare_name. This dates back to the
message at: