Search results
From K5Wiki
Create the page "Well known principal" on this wiki! See also the search results found.
Page title matches
- The '''PAC and principal APIs''' project defines some APIs that are useful in an active-directory en krb5_const_principal principal,6 KB (800 words) - 00:29, 16 February 2010
- * Allow client principal selection by GSSAPI apps based on the target service and hostname, using ei * Prompting the user to decide on the client principal and remembering the answer.13 KB (2,135 words) - 14:25, 12 October 2011
- This project will add string attributes to krb5 principal entries in the KDB, along with kadmin support for displaying and modifying ...n OTP preauth plugin needs to know what kind of token is associated with a principal and may also need type-specific information about the token.5 KB (674 words) - 12:20, 11 November 2011
Page text matches
- ...ively, a separate session key enctype preference list could exist on a per-principal basis.4 KB (560 words) - 13:27, 12 October 2010
- ...ich will eventually have positive ramifications for principal renaming and principal canonicalization.4 KB (555 words) - 00:12, 16 February 2010
- | <ul><li> A guide to GSS-API naming as compared to Kerberos principal naming</ul>|| || || || | <ul><li> An advanced guide to the principal manipulation and parsing</ul>|| TY || TBD || ||20 KB (3,209 words) - 10:28, 5 June 2013
- principal as an arg to krb5_kt_get_entry() which will return an error if there are no entries for that principal in the keytab.6 KB (1,083 words) - 00:11, 16 February 2010
- ...at the initial ticket flag is set on certain service principals. When the principal is manually created the admin needs to be able to set the flag. Is it suff Tom: Was it the changepw principal that was the problem?2 KB (429 words) - 17:38, 10 January 2011
- unsigned int - client length == strlen(client principal name) + 1 variable - client principal name (NUL terminated C-string)11 KB (1,655 words) - 00:08, 16 February 2010
- ...to the local KDC and requesting referrals. This may be limited to service principal names with specific name types or in specific forms (''e.g.,'' two componen * the server principal name is unknown5 KB (811 words) - 00:13, 16 February 2010
- ...rals for AD support but lots of traffic about bugs in referrals. May need principal re-writing (currently only have realm re-writing) to make referrals useful4 KB (649 words) - 17:39, 10 January 2011
- ...use the new error comes from inside the keytab code. Should function take principal argument? Use as search criteria? :Assumption was stash file held only 1 key -- principal used for prompting function?2 KB (256 words) - 17:40, 10 January 2011
- ...mber of "security tokens" (such as a Kerberos ticket) to SOAP messages, as well as cryptographically binding tokens to messages. This provides a means for ...k" given above. Both utilize SOAP-based messages and employ WS-Security as well as WSDL. However, they diverge as one goes further "up the stack". Yet, bot99 KB (14,634 words) - 19:15, 29 October 2008
- o in ACL model, only thing you have is the principal name, so fewer6 KB (835 words) - 17:37, 22 August 2008
- principal and stash file and then migrate the encryption of existing which key to use when decrypting a principal's long term secret key.9 KB (1,614 words) - 00:11, 16 February 2010
- ...Adding support for issuing new keys to application server for the service principal. Tom: If you have a service using a single service principal on multiple hosts. Want to create a new key and mark it as inactive. Dist3 KB (486 words) - 17:41, 10 January 2011
- ...The first is support for '''Unicode principal names and case insensitive principal search'''. The goal of this project is to get behavior more similar to Mic ...second feature is generalized support for name canonicalization and server principal aliases.7 KB (1,146 words) - 00:37, 16 February 2010
- The '''PAC and principal APIs''' project defines some APIs that are useful in an active-directory en krb5_const_principal principal,6 KB (800 words) - 00:29, 16 February 2010
- * Query to efficiently report when a principal is locked out due to password failures * Crypto modularity -- make sure PKCS#11 etc. work well5 KB (580 words) - 18:06, 3 January 2017
- ...rs with more than one hostname. Case folding and other transformations of principal names are out of scope. Management and propagation of aliases is out of sc ...s canonical. If this attribute is set and does not match the searched-for principal name, then the entry is returned only if canonicalization was requested, an2 KB (370 words) - 15:47, 13 March 2009
- ...When adding an entry, please include a brief description of the term, as well as a link to where more information can be found if the term is not defined ...ile or other storage unit containing a list of tickets for the same client principal.5 KB (753 words) - 12:41, 14 January 2010
- ...insecure like "master". The DB will be created in /usr/local/var/krb5kdc/principal and a few other similarly-named files. The master key stash will be create ...run with the memory checker, a log file at BUILDTOP/vg.[pid] and a list of known warnings to suppress. It is a make variable, not a shell/environment varia17 KB (2,849 words) - 12:17, 11 September 2019
- ...ata proposal allows client library to track whether a KDC supports service principal referrals.2 KB (190 words) - 16:48, 3 March 2010
- .../wiki/Task-List_for_Samba4_Port_(Andrew_Bartlett)#Principal_.22types.22 '''Principal "types":'''] client / server / krbtgs already works well with MIT application libraries.10 KB (1,571 words) - 09:40, 18 September 2009
- * the Subject contains the client principal name ...cation of public key signatures and some out-of-band mechanism for binding principal names14 KB (2,026 words) - 13:17, 5 November 2009
- ...l then issue a (signed) SAML assertion that identities the Kerberos client principal, and optionally carries the original AP_REQ request (encoded in base64). In3 KB (502 words) - 15:35, 4 December 2009
- | lib/krb5/principal.c | lib/krb5/principal.c29 KB (4,937 words) - 11:48, 31 August 2009
- ...rary principal to itself (the service is trusted to have authenticated the principal) ...ER], introduced in Windows 2003, which consists of the "user name" (client principal) and a checksum of the PA data with the TGT session key12 KB (1,884 words) - 13:40, 16 February 2010
- ...s. The default salt is specified by RFC 4120 as "the concatenation of the principal's realm and name components, in order, with no separators" but the KDC can ...key; other salt types indicate various ways of computing the salt from the principal. NORMAL indicates the default salt, but as of 1.7, the KDC explicitly comm8 KB (1,372 words) - 13:26, 22 September 2011
- * ktset creates a keytab with the derived principal, in cooperation with a back end to allow creation of these principals in ...ver to provide access to the user-derived principal as if it were the user principal.3 KB (525 words) - 23:56, 3 January 2011
- Authenticating as principal haoqili/admin@D.COM with password.15 KB (2,287 words) - 13:26, 22 December 2015
- database_name = /tmp/krb5kdc/principal database_name = %(sandir)s/principal1 KB (128 words) - 11:56, 18 August 2009
- * change the behaviour of krb5_rd_req() to always verify known authorization data elements ...ve provided helper routines for marshalling and verifying AD-KDCIssued, as well sample application- and KDC-side plugins. A few hundred lines of code in to33 KB (4,224 words) - 00:31, 16 February 2010
- LDAP as extra values in the multivalued "principal name" <li> [[Principal Names, long and short names:]]51 KB (7,287 words) - 13:17, 2 September 2009
- ...a certain number of preauthentication failures with a given time limit, a principal will be locked out from authenticating for a certain period of time. ...on (period in which lockout is enforced; a duration of zero means that the principal must be manually unlocked)11 KB (1,654 words) - 11:16, 17 November 2010
- | principal | principal4 KB (626 words) - 10:34, 29 September 2009
- ..."windc" plugin that implements methods for MS PAC generation, signing, as well as AS-REQ authorization. We could have wrapped the former inside an authdat if (proxy == extension.principal)12 KB (1,754 words) - 00:08, 16 February 2010
- KRB5SignedPathPrincipals ::= SEQUENCE OF Principal client[0] Principal OPTIONAL,6 KB (837 words) - 00:30, 16 February 2010
- ...This project allows users to obtain Kerberos tickets even if they have no principal registered in a realm. Use cases include hiding identity of a user for pri ...for the client principal. This principal will never appear in the service principal.6 KB (878 words) - 16:43, 12 December 2012
- ...res. The first is support for Unicode principal names and case insensitive principal search. The goal of this project is to get behavior more similar to Microso ...second feature is generalized support for name canonicalization and server principal aliases.5 KB (802 words) - 10:03, 21 November 2009
- [[Principal|principals]] to authenticate to a remote service without disclosing their i In completely anonymous Kerberos, a principal can authenticate to a realm with no Kerberos identity in that realm. Diffi2 KB (379 words) - 12:46, 11 January 2010
- certificate is known by all clients; any certificates signed by this ...er forms of user authentication, then each user will need a certificate as well.10 KB (1,462 words) - 21:32, 8 October 2013
- ...rsome; for instance, there is a 50+ line function in libkadm5srv to copy a principal into storage allocated by the DB module. ...re never productively used. A principal name can only have one associated principal. The db_get_policy function has a similar argument "cnt" which makes equal16 KB (2,715 words) - 13:24, 12 October 2010
- * The list of the desired plugin implementations is known to the specific PLI which is aggregated within PM (2); plugin_pwd_qlty_check(plugin_handle, srv_handle, password, use_policy, pol, principal);22 KB (3,322 words) - 14:57, 3 August 2010
- ...ying the BDB back end to sleep() for a minute when looking up a particular principal name such as "slowuser". While testing, note that libkrb5 will retry reque ...ld need a special stub KDB back end to cause worker processes to block, as well as a way to control the client retry loop.6 KB (1,080 words) - 11:54, 1 October 2010
- # If the remote realm is already known, and its key is still valid for long enough, the local KXOVER deamon return The KDC admin has to create a principal for the deamon in the database in order to allow secure communication betwe10 KB (1,584 words) - 07:08, 14 February 2018
- Simo mentions problems with SELinux, etc. where shared service principal but can't share rcache due to being in separate security domains. Some dis1 KB (155 words) - 19:26, 3 January 2011
- The current in-memory data structure for KDB principal entries is designed around the needs of the DB2 module. As a result, it is This project is to redesign the in-memory structure for KDB principal entries, either by making it totally opaque, or just by making it more logi965 bytes (150 words) - 05:57, 20 July 2010
- ...otp''' user string is unset, the '''otp''' plugin will be disabled for the principal. ..., the '''otp''' plugin will look up the '''otp''' user string on the given principal. If the string is set (i.e. non-NULL), a generic PA-OTP-CHALLENGE will be s5 KB (801 words) - 14:26, 11 October 2013
- ...e><i>principal/</i>SECURID</code> principals to enable SecurID for a given principal. If this is done, then the KDC will call into the SecurID SDK and request a4 KB (580 words) - 16:09, 18 October 2010
- * The principal name. * The name of the password policy associated with the principal, if any.6 KB (870 words) - 13:25, 12 October 2010
- * Principal creation * Principal modification6 KB (779 words) - 13:37, 12 October 2010
- ;Shawn: issues with multi-tierd using file replay caches. sharing "host" principal. locking issues? Multiple threads independently open an rcache; mutex only1 KB (204 words) - 19:19, 3 January 2011
