similar to: pubkey fingerprint and krb princ name in environment

You really don't need openssl for that. And the fingerprints are simple. Here is a python script that do the same as ssh-keygen -fl /path/to/key : #!/usr/bin/env python3 import binascii import hashlib import sys if __name__ == "__main__": key = binascii.a2b_base64(sys.argv[1]) if sys.argv[2] == "md5": m = hashlib.new("md5")

% cat ext_rsa.pub| sed -r 's/.*(AAAA[^ ]+).*/\1/' | sha256sum ~/.ssh swlap1 d4bf8b06f2d9d9af7a11583a5367205ed310a84f0dee68d062e2ddca1e85c3ff - % ssh-keygen -lf ext_rsa.pub ~/.ssh swlap1 8192 SHA256:FgrfxmdjTM/j4wwRa7nVdPSUaJdqHYMJtJ6aciPl9ug swilson at swlap1 (RSA) Why do those differ and how would i generate the equivalent (mainly just curious)? I've also tried base64 and a

Hey, On 05/01, Jakub Jelen wrote: >On 01/04/2017 10:57 AM, Johannes L?thberg wrote: >>Signed-off-by: Johannes L?thberg <johannes at kyriasis.com> >>--- >> gss-serv-krb5.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >>diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c >>index 795992d9..a12bb244 100644 >>--- a/gss-serv-krb5.c >>+++

Signed-off-by: Johannes L?thberg <johannes at kyriasis.com> --- gss-serv-krb5.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 795992d9..a12bb244 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -106,6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) } else retval = 0; +#ifdef USE_PAM + if

On 26/03, Nico Kadel-Garcia wrote: >Yanking it out wholesale should be part of a 7.0 build, not an >incremental release. That's a major incompatibility with one heck of a >lot of existing code, much of which is on extended support. > And it?s been said multiple times in this thread that the OpenSSH version number is just a incrementing decimal number, it doesn?t have any major

Hello There is no reply about this demand since the firt proposition has if nobody in dev team cares about it :( Strange ... Le 14 mars 2018 20:39:53 GMT+01:00, "Johannes L?thberg" <johannes at kyriasis.com> a ?crit : >Quoting Johannes L?thberg (2017-01-06 02:34:43) >> >this change request is already tracked as a bug #2063 [1] (with the >> >related

On Wed, 2015-03-25 at 18:48 +1100, Damien Miller wrote: > Our ability to influence people who run truly obsolete software is > extremely limited. +1, mostly because those who still use something that outdated in their products are either dead, or simply don't care about their customer's security (which is typical in the embedded devices area). Just by us (or anyone else) saying

https://bugzilla.mindrot.org/show_bug.cgi?id=2082 Bug ID: 2082 Summary: Please add pubkey fingerprint to authentication log message Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

Author: willf Repository: /hg/zfs-crypto/gate Revision: efc14bf5fbfc26ff040aab6292cb3b1d7b6334aa Log message: 6403208 kadmin.local -q ''cpw -randkey <princ>'' not using all supported enctypes Files: update: usr/src/cmd/krb5/kadmin/cli/kadmin.c

I'm so confused about the use of Samba. This is my situation: I have one Win2k domain with Active Directory. The main network has only one PDC, but in others networks I have 5 servers more, all under the same main domain (I don't have subdomains). I need to put some files in a Solaris 8 and 9 servers that Win2kPro and WinXP can to access, with its domain accounts. Aditionally, I

Dear all, I hope you could assist me in finding a problem with samba and krb connects when packet signing is activated in a domain. I have a samba server as a AD 2k3 domain member and the connects are working well, but when I try to use krb auth to connect to another Windows server in the network I get an error. Thanks a lot --- smbclient -d5 -U micha -k -L //gunter/software ... session

On Thu, 31 Mar 2016, Service Informatique IF wrote: > The problem for us is to join computer automatically to Samba : Maybe > you have a solution ? (without passwd) It's not exactly without password, but if you are building your own machines via kickstart or similar and just want to automate the join, you can do a "net ads join -UAdministrator%password". In theory you

I've been running Samba 4x on FreeBSD successfully for years with a single Active Directory domain controller but have recently added a second domain controller. The setup worked great for a few days but suddenly developed a series of permission-denied style errors and UID mapping errors on the new/second DC2 which I've been slowly working through. My current issue which I've been

On Fri, 11 May 2018 14:14:39 +0000 Kristján Valur Jónsson via samba <samba at lists.samba.org> wrote: > I"m seeing this as well, after I updated my CentOS 7 hosts to the > latest release. > Something seems to have broken! > Do you have a 'include' line in krb5.conf ? If you do, remove it. Rowland

On Fri, 11 May 2018, Rowland Penny via samba wrote: > On Fri, 11 May 2018 14:14:39 +0000 > Kristj?n Valur J?nsson via samba <samba at lists.samba.org> wrote: > >> I"m seeing this as well, after I updated my CentOS 7 hosts to the >> latest release. >> Something seems to have broken! >> > > Do you have a 'include' line in krb5.conf ? > If

On Fri, 11 May 2018 16:17:57 -0400 (EDT) me at tdiehl.org wrote: > > I am curious, do you have any idea why having an include line in > krb5.conf pointing to an empty directory might impact the operation? > I would expect it to just ignore it unless something put something in > it. > It is a MIT thing which Heimdal knows nothing about and confuses it. ;-) Rowland

Hi, There's a hardcoded reference to /usr/lib/libkrb.a in Makefile.inc. Is there a special reason, that there's no knob but a file check? AFAIK - my /usr/lib/libkrb.a stems from the 4.2-RELEASE cd install I started this comp with (it's dated Nov 2000) and thus hasn't been updated since and any linkage with it, results in undefined des(3) references. Since sysutils/libchk

After compiling samba 3.5.12 from source on CentOS 5.7, I test the configuration with 'testparm lib/smb.conf' and I get the following output WARNING: Ignoring invalid value 'ADS' for parameter 'security' Unknown parameter encountered: "realm" Ignoring unknown parameter "realm" I figured this might be due to a compile problem and I re-checked the

hey all, after following the directions in the "FreeBSD Active Directory Domain Member Mini-HOWTO" http://web.irtnog.org/howtos/freebsd/winbind i am able to get my machine to the point where i can query users with 'wbinfo': $ wbinfo -u|grep galbrecht galbrecht i am unable, however, to login to my machine using any service, telnet for example: $ telnet -K localhost

Hi All. Recently a change was merged from OpenBSD's sshd into Portable that implements a KerberosGetAFSToken option (patchset attached). This change causes compile errors with both MIT Kerberos and Heimdal (errors when compiled with MIT Kerberos below). I've figured out that the functions called in the new code are in Heimdal's libkafs, so adding -lkafs to the start for the