Search results
From K5Wiki
Create the page "Well known principal" on this wiki! See also the search results found.
Page title matches
Page text matches
- * Reduce DNS-related difficulties with service principal names ** Config to disable client service principal canonicalization1 KB (125 words) - 13:02, 11 March 2014
- ;Greg: DAL can return a referral TGS principal.2 KB (381 words) - 18:19, 1 March 2013
- ...eys use the "user" key type, and contain serialized representations of the principal name or credential as appropriate.7 KB (1,099 words) - 09:38, 4 October 2013
- ;Greg: Write a project page. LDAP back end can check but ignores client principal. [ this would be a new capability ] ...rm would be "@REALMNAME". Heimdal apparently gives you a single-component principal whose content is "@" in that case.1 KB (197 words) - 16:44, 13 June 2013
- ...lback_realm() function attempts to map a hostname to one or more realms as well, using more heuristic or insecure approaches than krb5_get_host_realm(). W ...m()). It is used chiefly by krb5_parse_name() when the string form of the principal contains no realm, but is also used in many other ways.7 KB (1,010 words) - 14:05, 16 August 2013
- * Authenticate request content -- sometimes authenticates the client principal too * Determine service principal797 bytes (97 words) - 17:34, 25 June 2013
- ...als, but does not have provisions for which user principals that the proxy principal can request service tickets on behalf of. DESC 'Principal names member of a groupOfPrincipals group'9 KB (1,275 words) - 17:38, 10 September 2014
- ...RADIUS server must have access to passwords or verification hashes for the principal. ...ecified and implemented. The new armor type uses a PAKE exchange with the principal's long-term key. Within the resulting FAST channel, the client performs OT10 KB (1,684 words) - 12:22, 5 September 2014
- ...ject will implement a means of restricting access without requiring that a principal always authenticates using high-strength pre-authentication, by marking how ...pal if it was not already loaded, and the AD-SIGNTICKET code will use that principal entry for its checksums.14 KB (2,182 words) - 22:13, 24 August 2015
- ;Greg: Aliases? e.g. client uses a ticket with a service principal alias, but the keytab also has the wrong kvno. (Which should take priority996 bytes (164 words) - 15:14, 30 April 2014
- DOD sites primarily use DOD CAC with PKINIT. MIT implementation expects principal name in cert; need patches for MIT KDC to handle this. Non-CAC includes Se ...d service principals. There is interest in splitting the flag somehow, as well as the related requires_hwauth. There are sites using existing dual meanin4 KB (604 words) - 18:27, 20 May 2014
- ...bly best to somehow encode something similar to what is currently used for principal key data storage and put in a new attribute. ...et realm TGT when getting service tickets instead of cueing off the client principal's realm. Viktor will call in next week to describe more details.1 KB (202 words) - 16:40, 10 June 2014
- ...represent more structured data that would otherwise need multiple rows per principal. Clustered services that have multiple hosts needing to share a single service principal/key. Different sites have different requirements for how this needs to wor2 KB (345 words) - 10:49, 30 June 2014
- Will asks about the special kiprop principal. Apparently Solaris creates it automatically at KDB creation time, and MIT657 bytes (97 words) - 15:11, 24 June 2014
- # Specify mapping from cert to principal. Was matching string inside TL-data, now using string attributes. Ken's KDC principal matching rules are a generalization of existing matching rules in the PKINI2 KB (306 words) - 16:14, 19 August 2014
- ...current replay cache implementation has severe performance limitations as well as flaws which can cause both false positives and false negatives. Many se ...r name field. Records are generally small, but are not fixed-size because principal names vary in length.11 KB (1,865 words) - 02:31, 21 February 2019
- ...l APIs. In release 1.10, the [[Projects/Client_principal_selection|client principal selection]] project implemented the collection-enabled DIR credential cache ...switchable type, kinit will scan the collection for a cache with the same principal as it is acquiring credentials for, and will refresh that cache if one is f7 KB (1,215 words) - 11:45, 24 March 2015
- # Construct the first PAKEProfile-specific PAKEMessage using the principal's secret key. ...roadly implemented (including OpenSSL, NSS and BouncyCastle). There are no known patents covering it. The only major downside of using it is that it require10 KB (1,401 words) - 16:19, 17 March 2015
- ...y hexadecimal format, as an artifact of being stored in the tl_data of the principal. ===Principal metadata===6 KB (856 words) - 16:11, 14 September 2015
- ...ning for negative kvno values in krb5_dbe_def_search_enctype(), the server principal will not work (TGS requests will receive "KDC has no support for encryption9 KB (1,477 words) - 22:12, 24 August 2015
