Search results
From K5Wiki
Create the page "Well known principal" on this wiki! See also the search results found.
Page title matches
Page text matches
- Will asks about the special kiprop principal. Apparently Solaris creates it automatically at KDB creation time, and MIT657 bytes (97 words) - 15:11, 24 June 2014
- # Specify mapping from cert to principal. Was matching string inside TL-data, now using string attributes. Ken's KDC principal matching rules are a generalization of existing matching rules in the PKINI2 KB (306 words) - 16:14, 19 August 2014
- ...current replay cache implementation has severe performance limitations as well as flaws which can cause both false positives and false negatives. Many se ...r name field. Records are generally small, but are not fixed-size because principal names vary in length.11 KB (1,865 words) - 02:31, 21 February 2019
- ...l APIs. In release 1.10, the [[Projects/Client_principal_selection|client principal selection]] project implemented the collection-enabled DIR credential cache ...switchable type, kinit will scan the collection for a cache with the same principal as it is acquiring credentials for, and will refresh that cache if one is f7 KB (1,215 words) - 11:45, 24 March 2015
- # Construct the first PAKEProfile-specific PAKEMessage using the principal's secret key. ...roadly implemented (including OpenSSL, NSS and BouncyCastle). There are no known patents covering it. The only major downside of using it is that it require10 KB (1,401 words) - 16:19, 17 March 2015
- ...y hexadecimal format, as an artifact of being stored in the tl_data of the principal. ===Principal metadata===6 KB (856 words) - 16:11, 14 September 2015
- ...ning for negative kvno values in krb5_dbe_def_search_enctype(), the server principal will not work (TGS requests will receive "KDC has no support for encryption9 KB (1,477 words) - 22:12, 24 August 2015
- ...That is, the desired service principal's realm is replaced with the client principal's and a TGS-REQ is sent to that realm's TGS. - when the client principal's realm is a WELLKNOWN realm (e.g., the anonymous realm)4 KB (728 words) - 12:15, 23 July 2019
- * Implement principal renaming in LDAP back end814 bytes (102 words) - 17:15, 7 October 2016
- ...ther to offer specific factors (including SF-NONE) for a particular client principal.5 KB (846 words) - 01:36, 28 October 2015
- ...the PRF+ function with the string "COOKIE" followed by the unparsed client principal name as input. The encryption uses key usage 513, which is in the key usag7 KB (1,065 words) - 14:25, 23 September 2015
- ===Principal key history=== * Principal name2 KB (272 words) - 16:08, 14 September 2015
- ...y set to /opt/csw. This would ordinarily allow ssh access by the Kerberos principal games@ATHENA.MIT.EDU. We change the home directory of this account to / so ...als may be added to .k5login, but make sure it exists so that the Kerberos principal "buildbot" does not have access to the account.7 KB (1,263 words) - 11:54, 12 July 2018
- ...ontain a SAN (Subject Alternative Name) field containing either a Kerberos principal or a Microsoft UPN. In some deployments, certificates are issued from a th ...nge) to determine whether a certificate is authorized to authenticate to a principal. A certauth module can be implemented in the same shared object as a KDB m3 KB (495 words) - 11:30, 5 December 2018
- Conversions to an unsigned integer type are well-specified (C99 section 6.3.1.3), as are arithmetic operations on unsigned t * lockout.c (LDAP and DB2) compares timestamps to determine if a principal entry is locked or was administratively unlocked.18 KB (2,968 words) - 15:53, 7 May 2017
- ...principal operations, which may result in changes to the added or modified principal. ...urrently not possible with kadm5.acl as we only allow wildcarding of whole principal components.9 KB (1,469 words) - 18:03, 29 July 2017
- ...script from krbdev-services into it. Also create a keytab for the krbsnap principal in ~/snap/krbsnap.keytab. Add the cron job to run gensnap from krbdev/krbs8 KB (1,183 words) - 21:33, 17 April 2020
- ...be associated with the principal entry in the KDB to bind the token to the principal. Signing produces a one-time access credential in response to a challenge. * Registration is performed in band. The KDC administrator flags the principal entry as requiring token registration, causing the KDC to issue a special c6 KB (966 words) - 16:34, 6 November 2018
- ...e, krb5_sname_to_principal() would have to leave the short hostname in the principal name, and krb5_get_credentials() would have to add suffixes when performing ...5.conf variable, allowing greater administrator control over the canonical principal names the library will try. Here is an example from Heimdal's krb5.conf(5)7 KB (1,179 words) - 17:37, 7 December 2019
- ...({{rfcref|6803}} section 3), the KDC may issue a ticket to an outgoing TGS principal; this is called a "referral". ...he "subject") to the requesting service. The subject may be identified by principal or by X.509 certificate. S4U2Self requests do not require special privileg13 KB (2,178 words) - 03:19, 9 December 2021
