f



Changing master key (Kerberos authentication server+LDAP database)

Is it possible to change the master key of a realm when LDAP is used
as the database server? The stash file is not present since LDAP is
used. Appreciate any help on this.

Thanks,
Anubha
0
anuafs84 (2)
7/27/2011 12:28:27 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
728 Views

Similar Articles

[PageSpeed] 43

Reply:

Similar Artilces:

Trouble authenticating with Kerberos & LDAP
I've been very frustrated trying to get this to work. We are trying to use a windows 2003 server as our Kerberos server, along with our openldap on solaris as our directory server. The machines we want to authenticate on are all Solaris 9. The ldap tree is fully populated, and working properly. With our current nsswitch.conf, logins work using the ldap directory (with posixAccount & shadowAccount records), as does a getent passwd <ldapusername>. Also, we have our Windows 2003 server's directory setup with named users, and with our current pam.conf, we can authenticate aga...

Microsoft SSPI error
Hello, I have configuration of active directory 2003 r2 sp3 working with linux mod_auth_kerb. I use SPNEGO for subversion. When using Linux all work great! When using Windows XP(and Windows 7) Firefox/IE/cifs client work great. Problem is subversion which uses neon, it get the following: --- Running post_send hooks ah_post_send (#1), code is 201 (want 401), WWW-Authenticate is Negotiate oYGfMIG coAMKAQChCwYJKoZIhvcSAQICooGHBIGEYIGBBgkqhkiG9xIBAgICAG9yMHCgAwIBBaEDAgEPomQwYqA DAgEXolsEWTLvPLmZvxBgaMEmPDDTIeG9bdJ5rmfTEtsj6Cv9eF9s9Z8sBWhVhPXYzIVsm/sw0hqR+1u DM9frpOeV2Y0YGtDk2flN5iOM/HdEujj0GXAYEWHvPp/3kSc2 auth: SSPI challenge. InitializeSecurityContext [fail] [80090304]. sspi: initializeSecurityContext [failed] [80090304]. --- At windows event log I see the following: --- Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40962 Date: 10/3/2011 Time: 3:55:38 PM User: N/A Computer: VALON Description: The Security System was unable to authenticate to the server HTTP/correlux-gentoo.correlsense.com because the server has completed the authentication, but the client authentication protocol Kerberos has not. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. --- Had anyone seen this before? I tried many configurations, but without success: --- Gentoo --- dev-libs/openssl-1.0.0e -> also downgraded to openssl-0.9.8f www-servers/apache-2.2.21 www-apache/mod_auth_kerb-5.4 -> also downgraded to m...

replacing Heimdal with MIT Kerberos, and Kerberos key attributes in LDAP back-end
Hi all Since we are migrating from Debian to RedHat, we are considering replacing our Heimdal Kerberos server (with LDAP back-end) with an MIT Kerberos server (again with LDAP back-end) since RedHat packages are only available for MIT Kerberos. In order to make this migration/upgrade as transparent as possible for our users, we want to convert all the necessary info in the Heimdal back-end to the MIT back-end. Are there any pointers available for this kind of operation? E.g. things like conversion tables mapping the corresponding Kerberos-specific LDAP attributes? Or even scripts? I'm especially looking at the Kerberos key attributes, i.e. - Heimdal: krb5Key - MIT: krbPrincipalKey Is it possible to convert the former into the latter? Is there any code available for this operation? If not, we would have to require all our users to change their passwords at the same time, which is not very feasible. Thanks in advance Bart ...

is that common to use kerberos authentication for SUN iplanet LDAP server?
Hi guys, Does anyone have experience on this to share? I've set up a SUN LDAP server and it's running fine by using simple authentication so far. Of course I want to make it more secure (to protect the password while binding to LDAP server) so I'm thinking either MD5-Digest or Kerberos. However looks like SUN LDAP itself doesn't have kerberos abilities and I have to install SEAM (Sun Enterprise Authentication Mechanism) separately to enable Kerberos..... So I was thinking that if I can easily configure SUN LDAP to use MD5-digest then that should be the easiest however it seems that I have to store the password as plain-text in LDAP server to enable MD5-digest and I don't want to do that (Let me know if there are other easier ways to enable MD5-digest). So my question is that is it pretty easy to enable Kerberos for SUN LDAP after installing SEAM? Or can SUN LDAP use other KDC as well? Thanks a lot in advance ! P.S, I know LDAPS (LDAP over SSL) can easily achieve my goal however I kinda think it's an overkill since I don't really need to protect all the LDAP transactions except for the password part... -Kent ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Kent Wu wrote: > > So my question is that is it pretty easy to enable Kerberos > for SUN LDAP after installing SEAM? Or can SUN LDAP use other > KDC a...

RE: is that common to use kerberos authentication for SUN iplanet LDAP server?
Whether a directory can do SASL/GSSAPI data privacy and/or integrity is directory server specific. Some directories (AD) support privacy and/or integrity protection. Others (Sun) don't, so you must use SSL. One other thing to be aware of is that clients and downgrade the privacy and integrity protection. If clients can do downgrade the data protection, it makes me wonder if an attacker can downgrade the session. I haven't looked into it enough. -dan -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Markus Moeller Sent: Thursday, September 01, 2005 1:24 PM To: kerberos@mit.edu Subject: Re: is that common to use kerberos authentication for SUN iplanet LDAP server? Craig, you say you use SASL + SSL. As far as I know SASL/GSSAPI can do encryption too. What was the reason not to use SASL/GSSAPI with encryption. And example is AD, which can be accessed via SASL/GSSAPI with encryption. Thanks Markus "Craig Huckabee" <huck@spawar.navy.mil> wrote in message news:4316DEC8.5060809@spawar.navy.mil... > Kent Wu wrote: >> >> So my question is that is it pretty easy to enable Kerberos for SUN >> LDAP after installing SEAM? Or can SUN LDAP use other KDC as well? > > We use Sun's LDAP server with PADL's GSSAPI plugin - we built our copy > against MIT Kerberos 1.3.x and use MIT KDCs. I think the binary versions > they sold previously also use MIT Kerber...

RE: is that common to use kerberos authentication for SUN iplanet LDAP server?
You can use Sun's Directory server with non Sun kdc, you just have to have SEAM (Sun's Kerberos) setup on the director server (ie - it needs the client libs). If you have an install on Solaris 9 or 10 I don't even then you need to install anything - the Kerberos libs are already there. (You will have to run the directory server on a Solaris box). See http://docs.sun.com/source/817-7613/ssl.html -dan -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Kent Wu Sent: Wednesday, August 31, 2005 3:29 PM To: kerberos@mit.edu Subject: is that common to use kerberos authentication for SUN iplanet LDAP server? Hi guys, Does anyone have experience on this to share? I've set up a SUN LDAP server and it's running fine by using simple authentication so far. Of course I want to make it more secure (to protect the password while binding to LDAP server) so I'm thinking either MD5-Digest or Kerberos. However looks like SUN LDAP itself doesn't have kerberos abilities and I have to install SEAM (Sun Enterprise Authentication Mechanism) separately to enable Kerberos..... So I was thinking that if I can easily configure SUN LDAP to use MD5-digest then that should be the easiest however it seems that I have to store the password as plain-text in LDAP server to enable MD5-digest and I don't want to do that (Let me know if there are other easier ways to enable MD5-digest). So my question is th...

RE: is that common to use kerberos authentication for SUN iplanet LDAP server? #2
Markus, I know SASL/GSSAPI can do encryption according to the document however I tried a while back to enable the encryption against AD while doing kerberos authentication in my C program but failed. Did you really enable the encryption successfully in the program? If so then I must have missing something then.... Thanks. -Kent -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Markus Moeller Sent: Thursday, September 01, 2005 12:24 PM To: kerberos@mit.edu Subject: Re: is that common to use kerberos authentication for SUN iplanet LDAP server? Craig, you say you use SASL + SSL. As far as I know SASL/GSSAPI can do encryption too. What was the reason not to use SASL/GSSAPI with encryption. And example is AD, which can be accessed via SASL/GSSAPI with encryption. Thanks Markus "Craig Huckabee" <huck@spawar.navy.mil> wrote in message news:4316DEC8.5060809@spawar.navy.mil... > Kent Wu wrote: >> >> So my question is that is it pretty easy to enable Kerberos for SUN >> LDAP after installing SEAM? Or can SUN LDAP use other KDC as well? > > We use Sun's LDAP server with PADL's GSSAPI plugin - we built our copy > against MIT Kerberos 1.3.x and use MIT KDCs. I think the binary versions > they sold previously also use MIT Kerberos. > > We now have several processes that regularly use only GSSAPI/SASL over > SSL to authenticate and communicate wi...

AD Server returning server not found kerberos database
Hi all, I am using MIT Kerberos to mutually authenticate with other user (Kerberos Server: AD Server), It is working fine with my newly installed active directory .But when I try to work with my Company AD Server to get service ticket for particular user I am getting "Server not found in Kerberos Database", But that user is there in AD . any option can change to get it work . I want to to know which option in ad makes mutual authentication between user and user makes fail. Do I need to use setspn to add service principle?? Please help me Regards, Eswar S **************************************************************************** *********** This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! ...

Kerberos Master Password for database
How can you verify that you have the correct password for a database that is already created? On 2006-11-18 00:45:15 +0100, "melanotus@gmail.com" <melanotus@gmail.com> said: > How can you verify that you have the correct password for a database > that is already created? Without a correct password Kerberos does not work, so if your KDCs are up and running you have the correct db password. If you remove (rename) the stash and recreate it, you may verify that your memory is good. Otherwise you remember an incorrect password. (Provided that I understand how Kerberos works... I may be wrong.) -- Sensei <senseiwa@Apple's mail> Research (n.): a discovery already published by a chinese guy one month before you, copying a russian who did it in the 60s. ...

Authentication with Kerberos & LDAP
Hello, I'm looking for material written about authenticating users in an LDAP directory with Kerberos. I would for example want to log into serveral servers via say SSH with an account present in an LDAP directory, and have this be authenticated with Kerberos. I've seen some half finished documents about this, mostly in linux environments, but nothings really good. Much appreciated if someone could point me in a direction. /Paul ...

Changing the database master key
Hello all, My understanding from previous discussions was that it was not possible to change the database master key for an MIT Kerberos KDC due to various bits that are encrypted in the master key. However, I noticed that the kdb5_util man page seems to indicate that it can under dump: -mkey_convert prompts for a new master key. This new master key will be used to re-encrypt the key data in the dumpfile. The key data in the database will not be changed. -new_mkey_file mkey_file the filename of a stash file. The master key in this stash file will be used to re-encrypt the key data in the dumpfile. The key data in the database will not be changed. Those options make it sound like I could use a technique like: 1. Create a new KDC database in a new location with an AES master key. 2. Dump the old database using -new_mkey_file pointing at the new stash. 3. Load the database dump into the new empty database. and thereby change the database master key. Is that correct? Does this fail for some reason? Has anyone done this? -- Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/> >My understanding from previous discussions was that it was not possible to >change the database master key for an MIT Kerberos KDC due to various bits >that are encrypted in the master key. However, I noticed that the >kdb5_util man page seems to indic...

Forgot Kerberos Master Key
Dear Team, I forgot kerberos master key but i have key stash file. How can I get the clear text password from the stash file. Regards, Bharathikannan R ...

MIT Kerberos KDC & W2K Client: Changing expired password issueMIT Kerberos KDC & W2K Client: Changing expired password issue
Hi, I also experienced the same problem as William G.Zereneh (http://mailman.mit.edu/pipermail/kerberos/2004-May/005341.html). I'm able to change the password using ctrl-alt-del, but when the password is expired and windows asks me to change the password, I encountered "Domain MIT.REALM.COM is not available" error. As I sniff the packet, it noticed that it sent a CLDAP query message with filter: (&(DnsDomain = MIT.REALM.COM)(Host = myhostname)(NtVer=\006) which is returned NULL by my _ldap._tcp.dc._msdcs.REALM.MIT.COM How to resolve this problem ? maybe there's a missin...

Server not found in Kerberos database #2
Hi, I'm a Java developer and new to Kerberos. We have a Java application that needs to be authenticated against Kerberos Active Directory. For testing purpose, we have Active Directory installed on a Win 2k server. Then, the Kerberos was turned on by a co-worker, who doesn't know much about Kerberos either. Without any manual about Active Directory, he did that based on his best judgement. Here are the basic setting information: (01) The Win2k server has FQDN: devtest.mycompany.com. (02) C:\WINNT\krb5.ini file looks like: [libdefaults] default_realm = DEVTEST.COM [realms] ...

Using ssh-keys for kerberos authentication
Hi! I'm wondering wether it is (at least theoretically) feasible to use a ssh-key to get kerberos tokens!? This is fairly important to me, since filesystems such as coda, afs of nfsv4 depend on kerberos-authentication to access the filespace. Patches for ssh exist that pass the token before trying to acces ..ssh/authorized_keys , but what if one doesn't even have tokens? Thanks in advance, Michael ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos >>>>> "Michael...

moving kerberos master to new server
Hello, Currently using kerberos 5. Soon I plan to migrate this server onto another hardware that will have a new hostname and IP, but same O/S level (aix). My first thoughts in doing this was to: Stop the master server, all clients will then goto to the slave for authentication. Install the krb5 binaries, without configuring the new master. Tar up the /var/krb5 and /etc/krb5 directories, then untar it onto the new host. Change the kdc and krb5 conf files with the new hostname. Start the new master up Would that work, or is there another sequence I should follow. Thanks Pete. Pete, Ideally it should work. But I would suggest you to take dump of KDC database and then move on to the new hardware. - Sachin. On Fri, Oct 23, 2009 at 5:33 PM, peter sands <peter_sands@techemail.com>wrote: > Hello, > Currently using kerberos 5. > Soon I plan to migrate this server onto another hardware that will > have a new hostname and IP, but same O/S level (aix). > > My first thoughts in doing this was to: > Stop the master server, all clients will then goto to the slave for > authentication. > Install the krb5 binaries, without configuring the new master. > Tar up the /var/krb5 and /etc/krb5 directories, then untar it onto the > new host. > Change the kdc and krb5 conf files with the new hostname. Start the > new master up > > Would that work, or is there another sequence I should follow. > > Thanks > Pete. > _______________...

Kerberos vs. LDAP for authentication -- any opinions?
At the risk of starting a religious war.... We currently use Kerberos for authentication for almost everything on our network. Some people here are advocating switching to using LDAP for authentication (we already have a pretty well developed LDAP infrastructure). This would of course require everyone to change their password as well the trauma of recoding applications that currently use Kerberos and haven't been converted to using PAM. Anyone have any pointers to information about the relative merits of using Kerberos or LDAP for authentication in a large heterogeneous environment? A...

UNKNOWN_SERVER
As always with things like this, it's hard to determine whether to send this here or to openafs-info. Can anyone tell me what is going on here? This is what krb5kdc logged when I logged into 129.83.11.213. -- sshd + UsePAM -- pam_krb5.so (RHELv4) -- pam_afs_session.so (PAM session module which uses aklog to get tokens from a K5 ticket). Apr 18 16:46:07 silmaril.foo.com krb5kdc[26891](info): TGS_REQ (1 etypes {3}) 129.83.11.213: UNKNOWN_SERVER: authtime 1176929167, jblaine@rcf.foo.com for afs/rcf.foo.com@rcf.foo.com, Server not found in Kerberos database Apr 18 16:46:07 silmaril.foo.com krb5kdc[26891](info): TGS_REQ (1 etypes {1}) 129.83.11.213: UNKNOWN_SERVER: authtime 1176929167, jblaine@rcf.foo.com for afs/rcf.foo.com@rcf.foo.com, Server not found in Kerberos database Apr 18 16:46:07 silmaril.foo.com krb5kdc[26891](info): TGS_REQ (1 etypes {1}) 129.83.11.213: ISSUE: authtime 1176929167, etypes {rep=16 tkt=1 ses=1}, jblaine@rcf.foo.com for afs@rcf.foo.com ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Jeff Blaine <jblaine@kickflop.net> writes: > Can anyone tell me what is going on here? This is what > krb5kdc logged when I logged into 129.83.11.213. > -- sshd + UsePAM > -- pam_krb5.so (RHELv4) > -- pam_afs_session.so (PAM session module which uses aklog to > get tokens from a K5 ticket). > Apr 18 16:46:07 silmaril.foo.com kr...

Server not found in Kerberos database #3
This is a multi-part message in MIME format. --------------010801060200000807020407 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit hello list, we want to use kerberos for authentication and to secure connections for telnet sessions. so i installed kerberos v5 for the debian system via apt-get and did the configuration. attached are the configs for this system. kinit works for a user, but the start of a telnet session is refused with the message "Authentication failed". i used the command "kinit stefan" and "telnet.krb5 -a -F vxr-r.imos.net." "vxr-r.imos.net" is the cisco router i want to connect to. when i look into the logs i see the following messages: Nov 11 09:49:28 alpha krb5kdc[8745](info): AS_REQ (1 etypes {1}) 192.168.3.3(16417): NEEDED_PREAUTH: stefan@IMOS.NET for krbtgt/IMOS.NET@IMOS.NET, Additional pre-authentication required Nov 11 09:49:30 alpha krb5kdc[8745](info): AS_REQ (1 etypes {1}) 192.168.3.3(16417): ISSUE: authtime 1100162970, etypes {rep=1 tkt=16 ses=1}, stefan@IMOS.NET for krbtgt/IMOS.NET@IMOS.NET Nov 11 09:49:33 alpha krb5kdc[8745](info): TGS_REQ (1 etypes {1}) 192.168.3.3(16417): UNKNOWN_SERVER: authtime 1100162970, stefan@IMOS.NET for host/vxr-r.imos.net@IMOS.NET, Server not found in Kerberos database Nov 11 09:49:33 alpha krb5kdc[8745](info): TGS_REQ (1 etypes {1}) 192.168.3.3(16417): UNKNOWN_SERVER: authtime 1100162970, stefan@IMOS.NET for host/vxr...

Kerberos authentication between XP and 2000 server
Hi, I am trying to use Windows 2000 server as KDC for an XP machine.I read that, by default if the 2000 server is configured as DC,kerberos is used as authentication method by default.I am not able to authenticate using Kerberos. Steps done: I have configured the windows 2000 server as DC and added the XP as computer to it and also added a user. I am able to login to the DC. I have downloaded the ktray tools from the microsoft site. On DC, when I use the ktray tool,I can see the client name: Administrator@MYDOMAIN.COM service name: krbtgt/MYDOMAIN.COM@MYDOMAIN.COM taget name : krbtgt/MYDOMAIN.COM@MYDOMAIN.COM On XP, I see nothing :( Can any body please say what could be the problem ? Thanks. The very first thing to check is DNS. You must have valid fully qualified domain names for your XP and 2000 Server machines or the Kerberos authentication will fail and the workstation will fallback to NTLM. mdj_frend@yahoo.com wrote: > Hi, > > I am trying to use Windows 2000 server as KDC for an XP machine.I read > that, by default if the 2000 server is configured as DC,kerberos is > used as authentication method by default.I am not able to authenticate > using Kerberos. > > Steps done: > I have configured the windows 2000 server as DC and added the XP > as computer to it and also added a user. I am able to login to the DC. > I have downloaded the ktray tools from the microsoft site. > > On DC, when I use the ktray tool,I can see the...

Server not found in Kerberos Database #4
Hi all, When do we get the error as "Server not found in Kerberos Database"? I have a KDC on Win2003 and a client which is a Linux (redhat) is trying to authenticate the users from this Active directory, which is on the win 2003 machine. I observed that in case we specify the wrong user name (which does not exist on the AD server) at the time of kinit command on Linux machine we get the error as "Client not found in Kerberos database". What is this server which is not found when I am trying to join the redhat client machine to the AD server? Thanks in advance for all the help Regards, Sayali --------------------------------- All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease of use." - PC Magazine ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos > Hi all, > When do we get the error as "Server not found in Kerberos Database"? > I have a KDC on Win2003 and a client which is a Linux (redhat) is trying to authenticate the users from this Active directory, which is on the win 2003 machine. > I observed that in case we specify the wrong user name (which does not exist on the AD server) at the time of kinit command on Linux machine we get the error as "Client not found in Kerberos database". > What is this server which is not found when I am trying to j...

Error: Server not found in Kerberos database
Hello, I want to enable someone the access to my account by using the .k5login file. I did all necessary things and immediatly started off by trying: shell% ksu toka Nevertheless I wasn't able to get toka's ID but /home/toka contains the ..k5login file with my principal. Furthermore there's the following error message: ksu: Server not found in Kerberos database while geting credentials from kdc Authentication failed. ^ typo in krb5 I looked for solutions on google and discovered the url http://www.ncsa.uiuc.edu/UserInfo/Resour...

How to make LDAP data needed for Kerberos authentication
Hi, When I use the style of combination with Kerberos and OpenLDAP, I try to write java-codes with Novell LDAP Classes for Java to entry LDAP data needed for Kerberos authentication. Please tell me how to make LDAP data needed for Kerberos authentication or pointer (URL, Document, etc) to information for this purpose. Regards, --Shigeru -- Shigeru Ishida <ishida_shigeru@webgen.co.jp> INTEC Web and Genome Informatics Corporation. ISL BLDG 2F, 3-23 Shimoshin Town, Toyama City, Toyama., Japan, 930-0804 Web Site: www.webgen.co.jp ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos A list of useful links is here; http://swik.net/kerberos+LDAP+Java Shigeru Ishida wrote: > Hi, > > When I use the style of combination with Kerberos and OpenLDAP, > I try to write java-codes with Novell LDAP Classes for Java to > entry LDAP data needed for Kerberos authentication. > > Please tell me how to make LDAP data needed for Kerberos > authentication or pointer (URL, Document, etc) to information > for this purpose. > > Regards, > > --Shigeru > > -- > Shigeru Ishida <ishida_shigeru@webgen.co.jp> > INTEC Web and Genome Informatics Corporation. > ISL BLDG 2F, 3-23 Shimoshin Town, > Toyama City, Toyama., Japan, 930-0804 > Web Site: www.webgen.co.jp > > ________________________________________________ > Kerberos mail...

Authenticate user with Kerberos & LDAP-backend
Hi All There is a Ldap server which store many user serving the authentication in my company. Now, I set up a Kerberos server to implement single-sign-on mechanism, after that I see some idea about Kerberos and LDAP backend. It is great, I deploy it successfully on test server. But now, there is a thing I confuse: After using the LDAP-backend, can I use Kerberos to authenticate some services (SSH for example), LDAP to authenticate others services (FTP, HTTP, ... for example), and all attributes of user (cn,userPassword,... for example) to other usage, but user can change password by kpasswd tool ? Have anyone experienced this situation ? Please give me some idea and how to implement it. Thank you, Hung Ta ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Having been down this road, I can tell the you with complete confidence that... it depends. If the LDAP server is Active Directory, you can use LDAP or AD for authentication, and they'll both work with the same password. If you're using OpenLDAP and MIT Kerberos, it's a bit more of a problem, since you essentially end up with two sets of passwords, which is not pretty. If you're using PAM for everything, it's easier to get everything to use that instead. That way, you get SSO where applications support it, and where the don't, they still use the Kerberos back end via PAM. I did this for email, whe...

Web resources about - Changing master key (Kerberos authentication server+LDAP database) - comp.protocols.kerberos

Authentication - Wikipedia, the free encyclopedia
Authentication (from Greek : αὐθεντικός authentikos , "real, genuine," from αὐθέντης authentes , "author") is the act of confirming the truth ...

New Tools to Optimize App Authentication
At f8, we announced a redesigned Auth Dialog and a new authentication flow to give developers more control over people’s first experience with ...

Facebook Tells Some Developers They Have 48 Hours to Fix Authentication Data Leaks
... sent an email to what it calls a “very small percentage of the developer community” informing them their apps are suspected of leaking authentication ...

Lockdown - A better two-factor authentication experience on the App Store on iTunes
Get Lockdown - A better two-factor authentication experience on the App Store. See screenshots and ratings, and read customer reviews.


Sony Authentication Power Outlet Recognizes Users and Devices #DigInfo - YouTube
Sony Authentication Power Outlet Recognizes Users and Devices DigInfo TV - http://diginfo.tv 9/3/2012 NFC & Smart WORLD 2012 Sony Authentication ...

SafeNet brings Cloud-based authentication service to A/NZ
SafeNet has released its new Cloud-based authentication service, billed as Authentication-as-a-Service, in A/NZ.

Online account security: lazy authentication is still the norm
Even in the high-tech world of 2016, crims will be able to side-step your account security by making a phone call and saying they're you.

Digital authentication to become Google's next big focus
Streamlining the website login process a top priority, according to the company’s Australian business and consumer services manager Dan Metcalf. ...

ATO boosts service access via app and voice authentication
The ATO has announced it will extend its voice authentication system to its mobile app

Resources last updated: 3/10/2016 1:31:59 PM