similar to: Kerberos5 / Heimdal

Hello all, I'm not able to get Kerberos5 authenticarion work together with PrivSep. According to strace, it seems that the kerberos authentication stage is performed by the user process in chrooted enviroment. The problem is that Kerberos authentication must be done by root. Is anybody working on a fix? (or am I missing something in configuration?) Thanks for any advice. -- Dan

I've been installing OpenSSH 2.9p2 onto several RedHat Linux machines, after compiling in the GSSAPI/Kerberos5 patch from here: http://www.sxw.org.uk/computing/patches/openssh.html I've been using ssh both to let users in via passwords and Kerberos tickets, and both have been working fine... except for one irritating machine, which (for no good reason I can see) fails when using kerberos

Hello, I have two issues with Kerberos administration using Samba and this results from my lack of familiarity with it. I am hoping someone can point me in the right direction. The first issue is with automatically renewing the Kerberos tickets. The second issue deals with my having to authenticate each time I attempt to join an AD domain. The Samba documentation indicates that I should *not*

In our environ, there are several services that are deployed via an NFS mount, so that the executables and configs are consistent across the board. Is there any reason why this couldn''t be done with Puppet? For example, each individual system would contain its own /etc/puppet and rc.d and pid files -- but the primary deployment would come from NFS. For that matter, as Enterprise

We have resources that, from time to time, are selected to be removed (unmanaged). When it comes to ssh keys, fstab... this leaves a lot of stuff behind that we don''t want. Is there a simple way to remove the unmanaged data so we can keep the systems clean. Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post

Hi, during some big discussions in the last monts on various lists, one of the problems was that some people would like to use freebsd-update but can't as they are using a custom kernel. With all the kernel modules we provide, the need for a custom kernel should be small, but on the other hand, we do not provide a small kernel-skeleton where you can load just the modules you need.

I have a requirement to manage membership to groups in /etc/group. These members do not need to be virtual users. I don''t see a way to do this through virtual users @group. How are others doing this? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To

Hi! I ran into a problem with programs exec:ed by print/acroread8 picking up Linux libraries and thus failed to run. This includes the print program in the print dialogue and the browser configured in edit/preferences/internet. The reason is that the acroread launch script sets LD_LIBRARY_PATH which is propagated to its childs. See this PR:

Hi Colin! I would like to know, that these following "vulnerabilities" does affect FreeBSD's reliability? If the answer is "yes", what version of FreeBSD affected, when will be fixed, etc. http://projects.info-pull.com/moab/MOAB-12-01-2007.html http://projects.info-pull.com/moab/MOAB-10-01-2007.html Thank you! -- kobi

I did ./configure make make install I got no errors, but it doesn't seem to have installed everything I need. Swat won't start. It didn't put an smb.conf file in /etc/samba (it didn't even create this folder) or /usr/local/samba/lib/. When I run testparm, I get Segmentation fault as my only output. Even if I create an smb.conf and run testparm on that file I get the exact

For the last few system builds, I've noticed that the variable in /etc/make.conf NO_MAILWRAPPER=true is being ignored, resulting in my sendmail (different than stock version) being overwritten. This applies to 4.8-STABLE; is this a known issue.

On Nov 4, 2006, at 8:30 AM, Wesley Shields <wxs@atarininja.org> wrote: > > On Fri, Nov 03, 2006 at 07:54:59AM -0800, Ricardo A. Reis wrote: > [...] >> In the II COLARIS - Joanna Rutkowska alert the possible >> new technology of Malware's using hardware virtualization, present >> in AMD and INTEL new processor. >> >> I've two questions ...

I read somewhere recently about problems with Puppet and Ruby 1.9. I''m wondering if this is still an issue? Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For

http://bugzilla.mindrot.org/show_bug.cgi?id=1078 Summary: passing --without-kerberos5 still checks for some kerberos support Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo:

TB --- 2013-11-25 17:30:12 - tinderbox 2.20 running on freebsd-legacy2.sentex.ca TB --- 2013-11-25 17:30:12 - FreeBSD freebsd-legacy2.sentex.ca 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root at farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 TB --- 2013-11-25 17:30:12 - starting RELENG_8 tinderbox run for i386/i386 TB --- 2013-11-25 17:30:12 -

Hi everyone! I've googled alot for this, and found *some* people with similar questions, but there was no answer if this is a bug in samba, a misconfiguration, or what? I have a win2000 active directory Server (wurzel.baum.local), a samba 2.2.3a on debian stable/woody (stamm.baum.local), security = user, a samba 3.0.1 on debian testing/Sarge (blatt1.baum.local) and a windowsxp machine joined

Hi all, I have a debian linux lenny 5.0 server with samba (version 3.2.5-4lenny14) on it. I want to create a cifs share which uses Active Directory authentication. In all howto's i read that i need kerberos5 to do this, so I installed krb5-user, krb5-config and libkrb53. I edited /etc/krb5.conf to my domain etc. Everything works like it should. BUT i noticed a file in

Our shop is newly adopting puppet. Our number of nodes is growing and my installation method is thus far manual and tedious. This will change when/if we migrate to Puppet Enterprise. My question is what''s a best practice for managing puppet installations on client nodes? Is it possible to separate out the client portion of the install from the server or is that now fully

Hello freebsd-security! What is the best way to authenticate remote ssh users transparantly without typing the kinit and kdestroy commands? Using pam_krb5 works satisfactorily for local logins but makes it crooked for remote ssh ones. The comp.protocols.kerberos and comp.security.ssh newsgroups and the pam-krb5-users maillist confirm this assertion. As far as I understood that using kerberized

Hi, allow me another question. Is it planned or already implemented to support gssapi with mount.cifs? Regards, Timo