logo_kerberos.gif

Search results

From K5Wiki
Jump to: navigation, search

Page title matches

Page text matches

  • ...to a customer. Hostnames change. pam_krb5 in auth stack. Why not try every principal in the keytab? .... Other keytab (containing only http key) readable by httpd could fake any principal.
    2 KB (244 words) - 14:14, 24 January 2012
  • :* Flexible KDC configuration for preauth requirements per principal
    1 KB (183 words) - 15:31, 20 February 2012
  • == Principal mapping ==
    1 KB (163 words) - 18:38, 21 February 2012
  • ;Simo: Useful to have stable principal names. Also handling multiple realms not so greta. Don't want to make clien
    2 KB (271 words) - 15:19, 30 April 2012
  • ...anularity of error handling on init_creds. Invalid password different from principal not found. Is reasonable to treat differently in terms of fallback? Maybe c ;Will: Errors from propagation delays -- either password changes or principal creation.
    3 KB (457 words) - 15:14, 17 April 2012
  • ...torage appliance. AD multi-master race condition joining, creating service principal. ...KDCs. Multiple KDCs, admin servers in kdc.conf. Orders opposite. kinit -- principal not found. Should it try harder?
    1 KB (227 words) - 16:23, 17 April 2012
  • ;Greg: App might provide a desired principal name. ;Sam: Not sure about using default ccache. If application A requests a principal, can unexpectedly change the behavior of application B which uses default c
    2 KB (366 words) - 16:52, 6 June 2012
  • ...r does supply a desired name, or when krb5_cc_select() can deduce a client principal from the target name. In this case, multiple principals from the same keyt # The system should work well with credential cache collections (see [[Projects/Client_principal_selectio
    11 KB (1,732 words) - 09:05, 30 July 2014
  • ## In the KDC side we propose to just insert the principal WELLKNOW:FEDERATED with a random password (as the actual reply key will be
    6 KB (937 words) - 04:44, 7 September 2012
  • |rowspan=3|Determine service principal | cross-realm referral || ✗ || service principal, TGS
    14 KB (2,151 words) - 12:01, 29 October 2013
  • ...While we are it we're adding fields to policy for all policy-ish things in principal records. And making policy finally extensible in the same way that princip ; allowed_keysalts : key/salt type list that the principal is allowed to have keys of
    4 KB (614 words) - 18:14, 30 July 2012
  • ...ials are successfully obtained (working name ''pa_type'', on a per-service-principal basis). ...credentials are obtained (working name ''pa_config_data'', on a per-server-principal basis), and for reading them when called to generate preauth data.
    7 KB (1,211 words) - 11:51, 19 October 2012
  • ...esented a ticket with the wrong kvno or just a ticket for the wrong server principal. (Update: the simple case will be addressed in 1.13 by {{bug|7232}}.)
    4 KB (614 words) - 12:39, 2 April 2019
  • Our administrative toolset mostly provides support for operating on one principal entry or policy at a time. As the number of principals in a database incre Some known and hypothesized use cases for reporting and bulk operations are:
    4 KB (654 words) - 17:07, 2 March 2015
  • ;Simo: client@REALM1 does AS-REQ to REALM2, gets "principal unknown" instead of "wrong realm".
    1 KB (166 words) - 14:46, 3 December 2012
  • ...cle. To configure, you needed to give it principal and password with kadm5 principal creation privileges. Won't work in FreeIPA.
    2 KB (358 words) - 16:04, 19 December 2012
  • ...ntains the policy_refcnt field in its principal operations (so modifying a principal can also result in modifying its old or new policy reference), and refuses ...This created a terrible performance problem--especially since fetching a principal currently requires fetching its associated policy object. After {{bug|6799
    7 KB (1,073 words) - 01:08, 15 March 2013
  • The krb5_aname_to_localname() function attempts to convert a krb5 principal name into a local account name according to policy. The default behavior m ...in file exists, authorization succeeds if krb5_aname_to_localname maps the principal name to the local account name.
    6 KB (865 words) - 13:06, 16 August 2013
  • ...n returned ticket for direct cross-realm unless ok-as-delegate flag set on principal, but only for S4U2Self.
    1 KB (228 words) - 16:14, 30 January 2013
  • This project adds the ability to have principal entries with no long-term keys. Traditionally, it was useless for a principal entry to have no long-term keys because you wouldn't be able to authenticat
    6 KB (982 words) - 11:51, 17 July 2013

View (previous 20 | next 20) (20 | 50 | 100 | 250 | 500)