similar to: Anonymous

I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7 Pro client. When I select the option "Account is sensitive and cannot be delegated" (in Active Directory Users and Computers under the Account tab) for a user account regardless of its

On 6/1/2018 23:55, Andrew Bartlett wrote: > On Sat, 2018-01-06 at 11:11 +0000, Antonios Kalkakos via samba wrote: >> I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7 Pro client. >> >> When I select the option "Account is

On Sat, 2018-01-06 at 11:11 +0000, Antonios Kalkakos via samba wrote: > I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7 Pro client. > > When I select the option "Account is sensitive and cannot be delegated" (in Active Directory

On Wed, 2018-01-31 at 16:15 +0000, Antonios Kalkakos wrote: > On 6/1/2018 23:55, Andrew Bartlett wrote: > > On Sat, 2018-01-06 at 11:11 +0000, Antonios Kalkakos via samba wrote: > > > I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7

Client: Windows XP pro, in an AD 2003 domain, running SecureCRT 4.1.11. I've also got MIT Kerberos for Windows installed on the client, and Leash shows that my tickets ARE forwardable. Server: Solaris 8 Sparc server, with MIT Kerberos (krb5-1.4.1), and OpenSSH 4.0p1. I've created two AD accounts, and extracted keys mapped to "host/hostname.domainname.com at REALM.COM" and

Dear useRs, I got stuck trying to generate a palette of topographic colors that would satisfy these two requirements: - the pallete must be 'anchored' at 0 (just like on a map), with light blue/lawn green corresponding to data values close to 0 (dark blue to light blue for negative values, green-yellow-brown for positive values) - the brown must get darker for higher positive

Alon, I should have provided more background. You are assuming that I could perform the PKINIT prior to connecting to the SSH server. In this case (and others) there is an interest in not exposing the kerberos servers to the world and thus someone connecting remotely would not be able to obtain a TGT or do a PKINIT. The goal would be for SSH to handle all the auth and only after connecting to

Hey all, perhaps someone might be able to shed a little light on this problem. Nothing I find in books and groups seem to address the problem. I'm trying to set up a series of connections with ssh that authenticate through GSSAPI. However, it seems that the credentials are not getting passed. >From the client.. debug1: Next authentication method: gssapi-with-mic debug2: we sent a

Alon, On 12/18/2018 06:52 PM, Alon Bar-Lev wrote: > OK... So you have an issue... > > First, you need to delegate your smartcard to remote machine, probably > using unix socket redirection managed by openssh. This can be done in > many levels... > 1. Delegate USB device, this will enable only exclusive usage of the > smartcard by remote machine. > 2. Delegate PC/SC, this

On Wed, Feb 06, 2013 at 11:47:31PM +0100, Dmitry Mikushin wrote: > Dear all, > > I need your help to understand weird llvm-tblgen behavior. Please take your > favourite version of llvm-tblgen and use it in the root directory of the > archive attached in both bug reports: > > http://llvm.org/bugs/show_bug.cgi?id=15188 > http://llvm.org/bugs/show_bug.cgi?id=15189 $

Hi All! I am interested in testing whether the means for the data I am investigating are equal to a specific value - let's say 0.01. I have already run a one-way ANOVA and know that the differences in the means are not significant, so now I want to know what values the means take on. "otestme" is the data I am working with (it would be hard for me to get into a form that would be

I know OpenSSH currently supports PKCS11 devices (such as smartcards) for publickey authentication, but I would love to see PKCS11 extended further. It is currently possible to perform PKCS11 certificate authentication, via pam_krb5.so (on Linux at least and likely something similar on other *NIX) which allows smartcard auth to a Kerberos (including AD) server, where a TGT can also be granted.

Am 03.11.2015 um 16:44 schrieb buhorojo: > On 03/11/15 10:56, Ole Traupe wrote: >> >>>> I mean, putting the key in the keytab looks like a security risk to >>>> me. >>> In what way does it appear any more of a risk than having the keys >>> which you have there already? Even if someone steals the keytab, >>> they're gonna be hard

Hai, Lets start here. Handy for us to know. OS? Samba version? AD or member setup? And I suggest, set this in the ssh server. # GSSAPI options GSSAPIAuthentication yes Restart the ssh server and try to SSO login. If its a AD server this should work. Yes, you dont get home dir etc, end up in / after login, but lets check if this works. Greetz, Louis > -----Oorspronkelijk

please test Olaf Kirch's patch. it looks fine to me, but i don't to K5. i'd like to see this in the next release. thx -m -------------- next part -------------- --- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002 +++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002 @@ -73,18 +73,17 @@ * from the ticket */ int -auth_krb5(Authctxt *authctxt, krb5_data *auth, char

Dear all, I need your help to understand weird llvm-tblgen behavior. Please take your favourite version of llvm-tblgen and use it in the root directory of the archive attached in both bug reports: http://llvm.org/bugs/show_bug.cgi?id=15188 http://llvm.org/bugs/show_bug.cgi?id=15189 ==== 1) First test case: crashing ==== $ ./llvm-tblgen -gen-tgt-intrinsic NVPTX1.td assert(iid <=

>> I mean, putting the key in the keytab looks like a security risk to me. > In what way does it appear any more of a risk than having the keys > which you have there already? Even if someone steals the keytab, > they're gonna be hard pressed to crack the key in the few hours before > the tgt expires. Do you have very sensitive data maybe? Ok. And maybe I misunderstood

I have been trying to setup Samba4 as a DC using kerberos for authentication. I have successfully provisioned the domain, and was able to join my domain using my windows machine as well as kinit to obtain a ticket for my administrator user from my servers. I have hit a wall trying to setup a server to authenticate a SPN using a keytab. I can join the domain and kinit as my administrator user,

Hello, I'm having some issues getting a ggplot figure to show up in the knitr output, when placed in a loop. Specifically, I have a loop inside a knitr chunk : ```{r fitting, warning=FALSE, fig.width=10, fig.height=10, fig.keep='high'} for (t in 1:T) { # do a regression of tgt.vals ~ predictors and compute coeffs and fitted values (fit.vals / fit.adj.vals) plot(

I have been ready everything I can regarding this setup but am having a problem that I am unsure of. I am unable to authenticate any user despite the following commands working: %> getent passwd <username> %> wbinfo -u %> wbinfo -g With the getent passwd I am able to see all of my UID/GID being mapped via winbdind to the rid of the domain user account. This command fails: %>