similar to: pubkey fingerprint and krb princ name in environment

Displaying 20 results from an estimated 400 matches similar to: "pubkey fingerprint and krb princ name in environment"

2015 Jun 30
2
how is the sha fingerprint generated?
You really don't need openssl for that. And the fingerprints are simple. Here is a python script that do the same as ssh-keygen -fl /path/to/key : #!/usr/bin/env python3 import binascii import hashlib import sys if __name__ == "__main__": key = binascii.a2b_base64(sys.argv[1]) if sys.argv[2] == "md5": m = hashlib.new("md5")
2015 Jun 30
3
how is the sha fingerprint generated?
% cat ext_rsa.pub| sed -r 's/.*(AAAA[^ ]+).*/\1/' | sha256sum ~/.ssh swlap1 d4bf8b06f2d9d9af7a11583a5367205ed310a84f0dee68d062e2ddca1e85c3ff - % ssh-keygen -lf ext_rsa.pub ~/.ssh swlap1 8192 SHA256:FgrfxmdjTM/j4wwRa7nVdPSUaJdqHYMJtJ6aciPl9ug swilson at swlap1 (RSA) Why do those differ and how would i generate the equivalent (mainly just curious)? I've also tried base64 and a
2017 Jan 06
2
[PATCH] Set KRB5PRINCIPAL in user environment
Hey, On 05/01, Jakub Jelen wrote: >On 01/04/2017 10:57 AM, Johannes L?thberg wrote: >>Signed-off-by: Johannes L?thberg <johannes at kyriasis.com> >>--- >> gss-serv-krb5.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >>diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c >>index 795992d9..a12bb244 100644 >>--- a/gss-serv-krb5.c >>+++
2017 Jan 04
2
[PATCH] Set KRB5PRINCIPAL in user environment
Signed-off-by: Johannes L?thberg <johannes at kyriasis.com> --- gss-serv-krb5.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 795992d9..a12bb244 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -106,6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) } else retval = 0; +#ifdef USE_PAM + if
2015 Mar 26
3
FYI: SSH1 now disabled at compile-time by default
On 26/03, Nico Kadel-Garcia wrote: >Yanking it out wholesale should be part of a 7.0 build, not an >incremental release. That's a major incompatibility with one heck of a >lot of existing code, much of which is on extended support. > And it?s been said multiple times in this thread that the OpenSSH version number is just a incrementing decimal number, it doesn?t have any major
2018 Mar 16
2
[PATCH] Set KRB5PRINCIPAL in user environment
Hello There is no reply about this demand since the firt proposition has if nobody in dev team cares about it :( Strange ... Le 14 mars 2018 20:39:53 GMT+01:00, "Johannes L?thberg" <johannes at kyriasis.com> a ?crit : >Quoting Johannes L?thberg (2017-01-06 02:34:43) >> >this change request is already tracked as a bug #2063 [1] (with the >> >related
2015 Mar 25
3
FYI: SSH1 now disabled at compile-time by default
On Wed, 2015-03-25 at 18:48 +1100, Damien Miller wrote: > Our ability to influence people who run truly obsolete software is > extremely limited. +1, mostly because those who still use something that outdated in their products are either dead, or simply don't care about their customer's security (which is typical in the embedded devices area). Just by us (or anyone else) saying
2013 Mar 24
6
[Bug 2082] New: Please add pubkey fingerprint to authentication log message
https://bugzilla.mindrot.org/show_bug.cgi?id=2082 Bug ID: 2082 Summary: Please add pubkey fingerprint to authentication log message Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5
2006 Oct 31
0
6403208 kadmin.local -q ''cpw -randkey <princ>'' not using all supported enctypes
Author: willf Repository: /hg/zfs-crypto/gate Revision: efc14bf5fbfc26ff040aab6292cb3b1d7b6334aa Log message: 6403208 kadmin.local -q ''cpw -randkey <princ>'' not using all supported enctypes Files: update: usr/src/cmd/krb5/kadmin/cli/kadmin.c
2005 Aug 11
0
What is the right script: W2K AD, Solaris8-SMB/KRB/LDAP, Win Clients?
I'm so confused about the use of Samba. This is my situation: I have one Win2k domain with Active Directory. The main network has only one PDC, but in others networks I have 5 servers more, all under the same main domain (I don't have subdomains). I need to put some files in a Solaris 8 and 9 servers that Win2kPro and WinXP can to access, with its domain accounts. Aditionally, I
2013 Feb 08
0
smbclient fails to connect wuth krb + signing
Dear all, I hope you could assist me in finding a problem with samba and krb connects when packet signing is activated in a domain. I have a samba server as a AD 2k3 domain member and the connects are working well, but when I try to use krb auth to connect to another Windows server in the network I get an error. Thanks a lot --- smbclient -d5 -U micha -k -L //gunter/software ... session
2016 Mar 31
0
NFSv4 / Krb / wildcard in keytab
On Thu, 31 Mar 2016, Service Informatique IF wrote: > The problem for us is to join computer automatically to Samba : Maybe > you have a solution ? (without passwd) It's not exactly without password, but if you are building your own machines via kickstart or similar and just want to automate the join, you can do a "net ads join -UAdministrator%password". In theory you
2017 Mar 24
0
kinit clock skew issue from same machine as krb server
I've been running Samba 4x on FreeBSD successfully for years with a single Active Directory domain controller but have recently added a second domain controller. The setup worked great for a few days but suddenly developed a series of permission-denied style errors and UID mapping errors on the new/second DC2 which I've been slowly working through. My current issue which I've been
2018 May 11
3
Bind_DLZ krb errors @ startup.
On Fri, 11 May 2018 14:14:39 +0000 Kristján Valur Jónsson via samba <samba at lists.samba.org> wrote: > I"m seeing this as well, after I updated my CentOS 7 hosts to the > latest release. > Something seems to have broken! > Do you have a 'include' line in krb5.conf ? If you do, remove it. Rowland
2018 May 11
0
Bind_DLZ krb errors @ startup.
On Fri, 11 May 2018, Rowland Penny via samba wrote: > On Fri, 11 May 2018 14:14:39 +0000 > Kristj?n Valur J?nsson via samba <samba at lists.samba.org> wrote: > >> I"m seeing this as well, after I updated my CentOS 7 hosts to the >> latest release. >> Something seems to have broken! >> > > Do you have a 'include' line in krb5.conf ? > If
2018 May 11
1
Bind_DLZ krb errors @ startup.
On Fri, 11 May 2018 16:17:57 -0400 (EDT) me at tdiehl.org wrote: > > I am curious, do you have any idea why having an include line in > krb5.conf pointing to an empty directory might impact the operation? > I would expect it to just ignore it unless something put something in > it. > It is a MIT thing which Heimdal knows nothing about and confuses it. ;-) Rowland
2003 Jun 28
2
Hardcoded krb reference in ports/postfix
Hi, There's a hardcoded reference to /usr/lib/libkrb.a in Makefile.inc. Is there a special reason, that there's no knob but a file check? AFAIK - my /usr/lib/libkrb.a stems from the 4.2-RELEASE cd install I started this comp with (it's dated Nov 2000) and thus hasn't been updated since and any linkage with it, results in undefined des(3) references. Since sysutils/libchk
2011 Nov 08
1
Issue with compile of 3.5.12 -- krb related
After compiling samba 3.5.12 from source on CentOS 5.7, I test the configuration with 'testparm lib/smb.conf' and I get the following output WARNING: Ignoring invalid value 'ADS' for parameter 'security' Unknown parameter encountered: "realm" Ignoring unknown parameter "realm" I figured this might be due to a compile problem and I re-checked the
2005 Jul 28
1
using pam_winbind to authenticate against AD/krb
hey all, after following the directions in the "FreeBSD Active Directory Domain Member Mini-HOWTO" http://web.irtnog.org/howtos/freebsd/winbind i am able to get my machine to the point where i can query users with 'wbinfo': $ wbinfo -u|grep galbrecht galbrecht i am unable, however, to login to my machine using any service, telnet for example: $ telnet -K localhost
2004 Jan 01
1
Syncing sshd/krb GetAFSToken change to Portable: help wanted
Hi All. Recently a change was merged from OpenBSD's sshd into Portable that implements a KerberosGetAFSToken option (patchset attached). This change causes compile errors with both MIT Kerberos and Heimdal (errors when compiled with MIT Kerberos below). I've figured out that the functions called in the new code are in Heimdal's libkafs, so adding -lkafs to the start for the