Displaying 20 results from an estimated 13000 matches similar to: "Variable krb5 cache location"
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Apologies for v3 series, I had some extra patches in there. This is
the one that should have been sent. Relabeled as v4 for clarity.
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop capabilities before
doing most of its work. This may help reduce the attack surface of the
program.
Jeff Layton (4):
cifs.upcall: convert
2019 Nov 05
1
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
On 05/11/2019 12:17, banda bassotti via samba wrote:
> Luis, ok I'v removed everything, step 1:
>
> KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P
I have said this once already, but, I will try again ;-)
You are creating a keytab, which may or may not be called /etc/krb5.keytab2
> step2:
> # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD
>
2003 Nov 11
1
AIX KRB5CCNAME problem
I believe there is a bug in how AIX handles the KRB5CCNAME environment
variable. The symptom occurs when a root user restarts sshd while they
have KRB5CCNAME set; all of the resulting client connections will inherit
the same KRB5CCNAME variable. This can occur if the admin uses 'ksu' or
some other kerberized method of obtaining root privileges.
Investigating this problem, I stumbled
2005 Nov 27
3
OpenSSH and Kerberos / Active Directory authentication problems: Credentials cache permission incorrect / No Credentials Cache found
Greetings,
I'm working on the infrastructure of a medium size client/server
environment using an Active Directory running on Windows Server 2003 for
central authentication of users on linux clients.
Additionally OpenAFS is running using Kerberos authentication through
Active Directory as well.
Now I want to grant users remote access to their AFS data by logging in
into a central OpenSSH
2017 Mar 03
2
Use other default credential cache then FILE
/Hello, i m playing around with MIT kerberos at moment and got the
problem that openssh do not honor the "default_ccache_name" variable in
/etc/krb5.conf. It looks like the FILE based credential cache is
hardcoded and openssh set KRB5CCNAME to it, but i would like to use the
KEYRING cache. Is there any way to tell ssh to use the cache set in
"default_ccache_name"? /Many
2011 Dec 14
1
how to set up bind9 dns server for joined samba 4 to server 2003
Hi
Samba4 joined to server 2003 as a DC with this command:
samba-tool domain join samba.example.com DC -Uadministrator
--realm=samba.example.com
*How to Setup bind 9.7.3 as dns server Instead of windows dns server?*
================================>
try this:
create dns and named files with provision command
copy dns and named files to joind samba
config bind and set
2017 Dec 23
5
[Bug 2815] New: please set KRB5CCNAME to collection
https://bugzilla.mindrot.org/show_bug.cgi?id=2815
Bug ID: 2815
Summary: please set KRB5CCNAME to collection
Product: Portable OpenSSH
Version: 7.4p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Kerberos support
Assignee: unassigned-bugs
2017 Aug 05
3
Printing with smbspool_krb5_wrapper not working in Ubuntu 16.04
> > I should have mentioned this earlier, but the users does not exist
> > in /etc/passwd, instead they are in LDAP and when they log in to the
> > computer they get some Kerberos tickets for the domain and the file
> > system. When printing on 14.04 they get another Kerberos ticket for
> > the printing system according to "klist" after they have done
2016 Apr 13
1
[Fwd: Re: Samba_dlz, dhcp y zona inversa no actualiza]
>> what is in '/usr/bin/dhcpd-update-samba-dns.sh' ?
# will receive addresses from this DHCP server. Instructions are found here:
#
https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_Domain_Controller#DHCP
sleep 5
checkvalues()
{
[ -z "${2}" ] && echo "Error: argument '${1}' requires a parameter." &&
exit 1
case ${2} in
-*)
echo
2003 Nov 12
2
[Bug 757] KRB5CCNAME inherited from root's environment under AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=757
Summary: KRB5CCNAME inherited from root's environment under AIX
Product: Portable OpenSSH
Version: -current
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2017 Feb 11
2
[RFC][cifs-utils PATCH] cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's /proc/<pid>/environ file
Chad reported that he was seeing a regression in cifs-utils-6.6. Prior
to that, cifs.upcall was able to find credcaches in non-default FILE:
locations, but with the rework of that code, that ability was lost.
Unfortunately, the krb5 library design doesn't really take into account
the fact that we might need to find a credcache in a process that isn't
descended from the session.
When the
2011 Sep 13
1
Domain Member keytabs invalid after Password Change
We have a 2008r2 AD domain. We join Linux machines as domain members using
Samba with Winbind (I'll show all of my config files below). This portion
of our setup works without failures of any kind. However, some of these
machines are web servers for Intranet stuff and we'd like to have SSO
working. For this, we use Apache (HTTPD) plus mod_auth_kerb (requires a
keytab file). So, since
2005 Jun 29
3
sshd deletes the GSSAPI ticket on exit
Hello All,
I have run into a situation where a user exiting from a
PAM_KERBEROS-authenticated session runs the risk of deleting a
kinit-generated credentials file that was already sitting on the server. I
will explain the problem in detail, but let me begin with my question. It
has a specific reference to PAM_KERBEROS, but it can also be a general
question.
If a user (ssh) session was
2003 Oct 30
3
[Bug 751] KRB5CCNAME set incorrectly in GSSAPI code
http://bugzilla.mindrot.org/show_bug.cgi?id=751
Summary: KRB5CCNAME set incorrectly in GSSAPI code
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support
AssignedTo: openssh-bugs at mindrot.org
2002 Mar 09
0
krb5 problem: KRB5CCNAME is ""; possible fix for OpenSSH 3.0.2p1
I'm using a OpenSSH 3.0.2p1 with the krb5 patch from
<http://www.sxw.org.uk/computing/patches/openssh.html>.
I'm getting KRB5CCNAME set to "" even though
<http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98269278629018&w=2>
mentions fixing it. This causes things like kinit to
fail with a somewhat uninformative error message.
The relevant sshd_config lines
2019 Nov 05
7
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Ok,
Your keytab looks ok now.
oldsamba.dom.corp is an alias for fs-a.oldsamba.dom.corp.
fs-a.dom.corp has address 10.0.0.2
i would have expected here.
oldsamba.dom.corp is an alias for fs-a.dom.corp.
fs-a.dom.corp has address 10.0.0.2
Or was that a typo? I assuming a typo..
About your setup from the script outpout.
Change this one.
/etc/hosts
10.0.0.2 fs-a.dom.corp fs-a oldsamba #
2009 Sep 19
1
cifs.upcall not respecting krb5ccname env var?
Hello,
I've been doing some extensive troubleshooting with respect to some issues
mounting CIFS shares on a Windows box via Kerberos. We're using the command:
/sbin/mount.cifs //whatever/whatever /whatever -o sec=krb5i
This should mount the share using Kerberos & Packet-signing by using the
cached credentials of the user executing the command. With judicious use of
strace, it
2017 Feb 14
3
[PATCH v2 0/2] cifs.upcall: allow cifs.upcall to grab $KRB5CCNAME from initiating process
Small respin of the patches that I posted a few days ago. The main
difference is the reordering of the series to make it do the group
and grouplist manipulation first, and then the patch that makes
it grab the KRB5CCNAME from the initiating process.
I think the code is sound, my main question is whether we really
need the command-line switch for this. Should this just be the
default mode of
2004 May 04
3
Error with USE_POSIX_THREADS and OpenSSH-3.8p1
Hello,
I am using OpenSSH-3.8p1 on HP-UX machine with USE_POSIX_THREADS option.
This is for making the kerberos credentials file to be created in the system
with PAM. In OpenSSH versions 3.5 when authentication is done with pam
kerberos, a /tmp/krb5cc_X_Y file is created on the server side. But the
KRB5CCNAME variable is not set by default. So, after we manually set this
environment variable, the