similar to: GSSAPI cross-realm fixed

Displaying 20 results from an estimated 200 matches similar to: "GSSAPI cross-realm fixed"

2009 Mar 03
0
GSSAPI cross-realm still broken
I've been trying to track down some problems with Dovecot in a Kerberos 5 cross-realm environment, and there seem to be a few issues. LOGIN/PLAIN work fine using pam_krb5, but GSSAPI is a bit harder to handle. On line 436 of src/auth/mech-gssapi.c, the authn_name and the authz_name are compared using gss_compare_name. This dates back to the message at:
2009 Jul 29
1
authn_name and authz_name differ: not supported
Hello, I'm trying to authenticate using GSSAPI, but getting this in dovecot.log "authn_name and authz_name differ: not supported". What is actually trying to say me? I've remeber once encounter this problem but it get away silently. I'm using Mozilla Thunderbird 3 beta 3 and Dovecot 1.0.15
2005 Oct 19
2
[PATCH] Support for GSSAPI SASL Mechanism
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Attached is a patch against current CVS that adds support for the GSSAPI SASL mechanism. It was written from scratch, after reading the patch from Colin Walters against a much older version of dovecot. Other then support for the 'GSSAPI' mechanism, it contains the following changes: - - Added 'auth_krb5_keytab' option for
2013 May 09
1
Crossrealm Kerberos problems
I am running dovecot 2.1.7 on Debian Squeeze 64 bit, config information at the end of the email. I am working on a Kerberos/GSSAPI based setup that requires cross-realm authentication. I have regular GSSAPI working, I can log in using pam_krb5 with password based logins or with the GSSAPI support when using a kerberos ticket in the default realm. However when I attempt to authenticate using
2005 Nov 27
3
OpenSSH and Kerberos / Active Directory authentication problems: Credentials cache permission incorrect / No Credentials Cache found
Greetings, I'm working on the infrastructure of a medium size client/server environment using an Active Directory running on Windows Server 2003 for central authentication of users on linux clients. Additionally OpenAFS is running using Kerberos authentication through Active Directory as well. Now I want to grant users remote access to their AFS data by logging in into a central OpenSSH
2009 Aug 28
1
GSSAPI Authentication Broke with Dovecot 1.1.16 -> 1.2.4 Upgrade
This morning I upgraded a dovecot installation from 1.1.16 to 1.2.4 on a FreeBSD 7.2 server, and then spent 3 hours trying to figure out why GSSAPI authentication had broken. It turned out to be a recent change in Dovecot's mech-gssapi.c to do with checking for NULs in usernames: everything worked fine when I disabled that test. <http://hg.dovecot.org/dovecot-1.2/rev/5d53b1d66d1b> This
2012 Aug 10
11
[Bug 2032] New: Local user name in krb5_kuserok call
https://bugzilla.mindrot.org/show_bug.cgi?id=2032 Priority: P5 Bug ID: 2032 Assignee: unassigned-bugs at mindrot.org Summary: Local user name in krb5_kuserok call Severity: normal Classification: Unclassified OS: AIX Reporter: miguel.sanders at uniforce.be Hardware: PPC Status: NEW
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and other principal names in authorized_keys entries. It's a sort of replacement for .klogin and .k5login, but it's much more general than .k*login as it applies to any authentication mechanism where a name is associated with the ssh client and it supports name patterns and all the normal authorized_keys entry options
2011 Mar 10
1
Dove cot+Kerberos
Hi All. I have a problem with authorization users AD via kerberos in Dovecot&Postfix. Windows SRV 2008 Standart - AD mail server: Gentoo + cyrus-sasl + postfix + dovecot with support ldap&kerberos. I am created a 4 keytabs on Windows box. C:\Users\Admin>ktpass -princ host/srv-mail.cn.energy at CN.ENERGY -mapuser ldapmail at CN.ENERGY -pass "superpasswd" -crypto RC4-HMAC-NT
2009 Jun 24
2
dovecot 1.2rc5 fails to authenticate user via GSSAPI
Hi, we're facing problem where dovecot 1.2rc5 is not able to authenticate user via gssapi. (I'm forwarding information from red hat's bugzilla) Steps to reproduce: 1. Install dovecot with kerberos support, create mailboxes for the client 2. Get initial credentials on client side 3. Attempt to log in via dovecot using gssapi -> login failed Client side 1. Email client displays:
2007 Feb 03
1
GSSAPI authentication behind HA servers
Hi all, We have 2 mail servers sitting behind linux-HA machines.The mail servers are currently running dovecot 1.0rc2. Looking to enable GSSAPI authentication, I exported krb keytabs for imap/node01.domain at REALM and imap/node02.domain at REALM for both mail servers. However, clients are connecting to mail.domain.com, which results in a mismatch as far as the keytab is concerned (and rightly
2005 Dec 30
1
Compile problem on FreeBSD 6.0-STABLE
Trying to update to dovecot-1.0.alpha5 and seeing this at compile time: mech-gssapi.o mech-gssapi.c; then mv -f ".deps/mech-gssapi.Tpo" ".deps/mech-gssapi.Po"; else rm -f ".deps/mech-gssapi.Tpo"; exit 1; fi mech-gssapi.c:30:27: gssapi/gssapi.h: No such file or directory mech-gssapi.c:42: error: syntax error before "gss_ctx_id_t" mech-gssapi.c:51: error:
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h
2007 Sep 30
2
Central principal->user@host management?
[Apologies if this is an off-topic question; please direct me to a more appropriate place if so.] Using Kerberos/GSSAPIAuthentication, is there a way to centrally control/manage (perhaps using LDAP?) which user principals can log into what hosts/accounts? -- Jos Backus jos at catnook.com
2019 Oct 04
2
authorized_principals for Kerberos authentication
Hello, SSH supports ~/.ssh/authorzied_keys for SSH keys and ~/.ssh/authorized_principals for X509 certs. I could not find an equivalent of authorzied_keys using Kerberos authentication. IMHO it should be possible using the Kerberos principal very much like the principal contained inside a X509 certificate. My main use case is assigning a specific command to a user logging in using Kerberos
2006 Jul 07
0
Bug#377276: "Did not receive identification string" warning reappeared
Package: logcheck-database Version: 1.2.45 Severity: normal Tags: patch pending confirmed My bad, sorry. --- rulefiles/linux/ignore.d.server/ssh 6 Jul 2006 10:16:41 -0000 1.18 +++ rulefiles/linux/ignore.d.server/ssh 7 Jul 2006 19:35:19 -0000 @@ -10,7 +10,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].]+ \([:[:alnum:].]+\)$ ^\w{3} [ :0-9]{11}
2003 Apr 22
2
Kerberos password change patch
Attached is a patch that allows for an interactive Kerberos password change via keyboard-interactive, and also reports any banners received from krb5_g_i_c_p() (e.g., password expiration notification if you have krb5-1.2.x patched appropriately). This could probably be refactored a bit and probably done better, but I'm sending this in in case anyone finds it useful. The major drawback is
2004 May 24
2
SIP Authentication Problem
I have a group of users configured as extensions in *.These users are registered with a SIP Proxy Server and can receive calls very well. The problem happens when any user tries to make an outbound call. The proxy replies with a "401 Unauthorized" and * don't try another INVITE including credentials. Here is part of the content of sip.conf. [general] port = 5061 bindaddr = *.IP
2018 Dec 12
1
GSSAPI/Kerberos authenticate with Dovecot
Ah, i think whats going on here. The wiki example and your are using different setup. The wiki uses a separate account, and not the computer account like you. Based on that wiki. - install server + samba. ( already dont ) - join the domain. ( also done ) Good you said you have share access.. ln -sf /usr/local/samba/private/krb5.conf /etc/krb5.conf << not needed. Just use the
2014 Jan 30
0
Announce: OpenSSH 6.5 released
Changes since OpenSSH 6.4 ========================= This is a feature-focused release. New features: * ssh(1), sshd(8): Add support for key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange method is the default when both the client and server support it. * ssh(1), sshd(8): Add support for Ed25519 as a public key type. Ed25519 is a