logo_kerberos.gif

Search results

From K5Wiki
Jump to: navigation, search

Page title matches

Page text matches

  • ...esented a ticket with the wrong kvno or just a ticket for the wrong server principal. (Update: the simple case will be addressed in 1.13 by {{bug|7232}}.)
    4 KB (614 words) - 13:39, 2 April 2019
  • Our administrative toolset mostly provides support for operating on one principal entry or policy at a time. As the number of principals in a database incre Some known and hypothesized use cases for reporting and bulk operations are:
    4 KB (654 words) - 18:07, 2 March 2015
  • ;Simo: client@REALM1 does AS-REQ to REALM2, gets "principal unknown" instead of "wrong realm".
    1 KB (166 words) - 15:46, 3 December 2012
  • ...cle. To configure, you needed to give it principal and password with kadm5 principal creation privileges. Won't work in FreeIPA.
    2 KB (358 words) - 17:04, 19 December 2012
  • ...ntains the policy_refcnt field in its principal operations (so modifying a principal can also result in modifying its old or new policy reference), and refuses ...This created a terrible performance problem--especially since fetching a principal currently requires fetching its associated policy object. After {{bug|6799
    7 KB (1,073 words) - 02:08, 15 March 2013
  • The krb5_aname_to_localname() function attempts to convert a krb5 principal name into a local account name according to policy. The default behavior m ...in file exists, authorization succeeds if krb5_aname_to_localname maps the principal name to the local account name.
    6 KB (865 words) - 14:06, 16 August 2013
  • ...n returned ticket for direct cross-realm unless ok-as-delegate flag set on principal, but only for S4U2Self.
    1 KB (228 words) - 17:14, 30 January 2013
  • This project adds the ability to have principal entries with no long-term keys. Traditionally, it was useless for a principal entry to have no long-term keys because you wouldn't be able to authenticat
    6 KB (982 words) - 12:51, 17 July 2013
  • * Reduce DNS-related difficulties with service principal names ** Config to disable client service principal canonicalization
    1 KB (125 words) - 13:02, 11 March 2014
  • ;Greg: DAL can return a referral TGS principal.
    2 KB (381 words) - 18:19, 1 March 2013
  • ...eys use the "user" key type, and contain serialized representations of the principal name or credential as appropriate.
    7 KB (1,099 words) - 09:38, 4 October 2013
  • ;Greg: Write a project page. LDAP back end can check but ignores client principal. [ this would be a new capability ] ...rm would be "@REALMNAME". Heimdal apparently gives you a single-component principal whose content is "@" in that case.
    1 KB (197 words) - 16:44, 13 June 2013
  • ...lback_realm() function attempts to map a hostname to one or more realms as well, using more heuristic or insecure approaches than krb5_get_host_realm(). W ...m()). It is used chiefly by krb5_parse_name() when the string form of the principal contains no realm, but is also used in many other ways.
    7 KB (1,010 words) - 14:05, 16 August 2013
  • ...als, but does not have provisions for which user principals that the proxy principal can request service tickets on behalf of. DESC 'Principal names member of a groupOfPrincipals group'
    9 KB (1,275 words) - 17:38, 10 September 2014
  • ...RADIUS server must have access to passwords or verification hashes for the principal. ...ecified and implemented. The new armor type uses a PAKE exchange with the principal's long-term key. Within the resulting FAST channel, the client performs OT
    10 KB (1,684 words) - 12:22, 5 September 2014
  • ...ject will implement a means of restricting access without requiring that a principal always authenticates using high-strength pre-authentication, by marking how ...pal if it was not already loaded, and the AD-SIGNTICKET code will use that principal entry for its checksums.
    14 KB (2,182 words) - 22:13, 24 August 2015
  • ;Greg: Aliases? e.g. client uses a ticket with a service principal alias, but the keytab also has the wrong kvno. (Which should take priority
    996 bytes (164 words) - 15:14, 30 April 2014
  • DOD sites primarily use DOD CAC with PKINIT. MIT implementation expects principal name in cert; need patches for MIT KDC to handle this. Non-CAC includes Se ...d service principals. There is interest in splitting the flag somehow, as well as the related requires_hwauth. There are sites using existing dual meanin
    4 KB (604 words) - 18:27, 20 May 2014
  • ...bly best to somehow encode something similar to what is currently used for principal key data storage and put in a new attribute. ...et realm TGT when getting service tickets instead of cueing off the client principal's realm. Viktor will call in next week to describe more details.
    1 KB (202 words) - 16:40, 10 June 2014
  • ...represent more structured data that would otherwise need multiple rows per principal. Clustered services that have multiple hosts needing to share a single service principal/key. Different sites have different requirements for how this needs to wor
    2 KB (345 words) - 10:49, 30 June 2014

View (previous 20 | next 20) (20 | 50 | 100 | 250 | 500)