Starting KDC daemon on Redhat9 fails not finding master key
Hi,
I followed the directions in Brian Tung's article on Kerberos for Dummies
to set up a KDC on a Redhat9 Linux system. Upon trying to start the
daemon, I get a failure, with the log indicating that the master key
can't be located. Where is the master key stored and what configuration
file/parameter indicates this? I assume, per the directions, that I
can kick off the KDC daemon before the Kadmin one, as the article seems
to say.
Thanks for any help.
PL
--
Keep it brief: http://www2.paypc.com/mailrules/
...
xpc target
Hi,
I just configured xpc target on my computer. "xpxtest" works fine, so does building my own model and connecting to the target. However, when I hit the start button I get the following error:
"External Mode Open Protocol Start command failed"
I already tried several Matlab versions, including Matlab 2011a (64bit), which spits out the same error. A colleague of mine already has the same setup (and model) running on his computer without any problems.
Currently I am running:
Windows 7
Matlab 2010b Sp1 (32bit) (Target host version 4.4)
Compiler: Visual Studio 2008 Pro
t...
MIT Kerberos KDC & W2K Client: Changing expired password issue
Hi,
I also experienced the same problem as William
G.Zereneh
(http://mailman.mit.edu/pipermail/kerberos/2004-May/005341.html).
I'm able to change the password using ctrl-alt-del,
but when the password is expired and windows asks me
to change the password, I encountered "Domain
MIT.REALM.COM is not available" error.
As I sniff the packet, it noticed that it sent a CLDAP
query message with filter: (&(DnsDomain =
MIT.REALM.COM)(Host = myhostname)(NtVer=\006)
which is returned NULL by my
_ldap._tcp.dc._msdcs.REALM.MIT.COM
How to resolve this problem ? maybe there's a missing
entry in my DNS ?
Is it mandatory for the MIT Kerberos KDC (I installed
it on RedHat Linux) to have an LDAP service to resolve
the CLDAP request ?
and can LDAP actually entertains CLDAP request since
LDAP is using TCP while CLDAP is using UDP ?
Can I resolve the CLDAP request using Windows 2000
server instead ?
Any ideas will be very appreciated
Regards from newbie,
lara
=====
------------------------------------------------------------------------------------
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
- Guy de Maupassant -
------------------------------------------------------------------------------------
...
Help on Unix kerberos client->win2k3 kerberos KDC
Hello,
I am a newbie to kerberos authentication, and what I am trying to do is to use a
Unix ldap client authenticate to the win2k3
server, and add a user to it.
The way I tried to do is by following MIT's tutorial and sample code under
www.mit.edu/afs/athena/astaff/project/
ldap/AD99/kerberossamp.txt. and I configured the Unix machine based on Microsoft
tutorial
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
=========>
I can successfully import a tgt from win2k3 KDC server by running kinit,
here is the result:
$ kdestroy
$ kinit
Password for mwang@SYSTEST.abc.COM:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1023
Default principal: mwang@SYSTEST.abc.COM
Valid starting Expires Service principal
10/31/03 17:53:08 11/01/03 03:50:48 krbtgt/SYSTEST.abc.COM@SYSTEST.abc.COM
renew until 11/01/03 17:53:08
Kerberos 4 ticket cache: /tmp/tkt1023
klist: You have no tickets cached
===========>
Then I tried to run adduser program, I made a little change to the code to set
some default values. Here is the result: (New
user account is: nweuser)
LDAP service name: ldap@bloomber-vy45cz.systest.abc.com
==> client_establish_context
Sending init_sec_context token (size=1254)...
...
Kerberos KDC
Hello All,
I am trying to set up a Kerberos 5 KDC on my servers. I run Windows IIS 6.0
and our management does not want to use Kerberos through AD. I was
wondering if anyone could help me on where to start.
Thanks in advance
...
Solaris 10 Kerberos KDC ignores settings in kdc.conf
I've configured Sun's Kerberos on a Solaris 10 box.
Everything seems to work straight, creating database, creating
principals etc..
But the KDC ignores quite a few options in kdc.conf file, including:
max_life = 12h 0m 0s
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +forwardable
No matter how I set these options, I _always_ get these for
principals:
Maximum ticket life: 24855 days 03:14:07
Maximum renewable life: 24855 days 03:14:07
Attributes:
It seems Sun has some defaults set and they are unchangeable.
The gkadmin GUI utility shows the two life period exactly
as the above number. If you change and save the changes, next
time you run gkadmin, the old values come back.
Has anyone seen the same behavior? And how to fix it?
MIT Kerberos works fine, but to utilize Sun's PAM
migration module for our existing user base (900 users), I need
to run Sun's at least when we are migrating users.
Applying Sun's Kerberos patch 120469-07 did not fix the problem.
TIA,
Qing Chang
...
question about MIT Kerberos KDC processing PROXY KDC requests
Hello,
I understand that proxiable/proxy tickets are rarely used and the
corresponding code in the MIT Kerberos implementation is not very well
tested. However, I found two possibly buggy places in the KDC code,
so I think this is worth asking about.
I used the MIT Kerberos distribution and was able to make proxiable/proxy
tickets work, but had to make two changes in the KDC source
code. I would like to ask if these are really bugs or not. We use
the MIT Kerberos 1.6.3 release. Both suspicious places are in
kdc/kdc_util.c, validate_tgs_request():
1. line 1144:
    if (request->kdc_options & NO_TGT_OPTION) {
        if (!krb5_principal_compare(kdc_context, ticket->server,
                                    request_server)) {
            *status = "SERVER DIDN'T MATCH TICKET FOR RENEW/FORWARD/ETC";
            return(KDC_ERR_SERVER_NOMATCH);
        }
    }
NO_TGT_OPTION is defined as:
    #define NO_TGT_OPTION (KDC_OPT_FORWARDED | KDC_OPT_PROXY | KDC_OPT_RENEW | KDC_OPT_VALIDATE)
The KDC returns an error here if the server principal in the ticket
does not match the one in the KDC request. I can see how this check
is required for the "forwarded", "renew" and "validate" KDC requests.
However, for a proxy ticket request, it seems that:
- the ticket must be a TGT with ticket->server = krbtgt/R1@R2, for
some R1 and R2
- the KDC request must have a server principal request->server = the
target application server's Kerberos principal
Should the #define NO_TGT_OPTI...
starting again! why fails?
Hello,
The following code works with
document.getElementById('picture').src = window["picture"][0].src;
but not if I increase the index to 1, ie
document.getElementById('picture').src = window["picture"][1].src;
Why is this?!
Geoff
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<HEAD>
<link rel=stylesheet href="slider.css" type="text/css">
<script type="text/javascript">
var picture = new Array();
var ig = 0;
var ig_max = 7;
function preload_img...
cx_Oracle throws: ImportError: DLL load failed: This application has failed to start ...
I'm on Windows XP SP3, Python 2.7.1. On running
import cx_Oracle
I got the error
ImportError: DLL load failed: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
I then ran Dependency Walker on cx_Oracle.pyd. Its first complaint was about msvcr80.dll. However, this file is present in C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07. (I believe it's part of the MS Visual Studio C++ 2008 package which I installed.)
I obviously uninstalled and reinstalled the cx_Oracle a couple of times but so far to no avail.
Does anybody have a clue what to try next?
For a screenshot of Dependency Walker, please see: https://dl.dropboxusercontent.com/u/116120595/dep_walker_orac.jpg
On Mon, Nov 25, 2013 at 4:12 AM, Ruben van den Berg
<rubenvandenberg1978@gmail.com> wrote:
> ImportError: DLL load failed: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
>
> I then ran Dependency Walker on cx_Oracle.pyd. Its first complaint was about msvcr80.dll. However, this file is present in C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07. (I believe it's part of the MS Visual Studio C++ 2008 package which I installed.)
Welcome to DLL hell...
There is one thing I woul...
AD KDC - msktutil
Hi,
I have this error (see subject) when using msktutil. Any idea what's
wrong with my setup?
(I've replaced hostnames and OU structure)
/etc/krb5.conf (part)
==========
[libdefaults]
default_realm = EXAMPLE.ORG
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
EXAMPLE.ORG = {
default_domain = msnet.railb.be
kdc = ictdc01.example.org
admin_server = ictdc01.example.org
admin_keytab = FILE:/etc/krb5.keytab
}
[domain_realm]
.example.org = EXAMPLE.ORG
example.org = EXAMPLE.ORG
msktutil --create -h tstweb01 -b "OU=Linux Servers" --server ictdc01 --verbose
-- init_password: Wiping the computer password structure
-- get_default_keytab: Obtaining the default keytab name: FILE:/etc/krb5.keytab
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-fbUui1
-- reload: Reloading Kerberos Context
-- get_short_hostname: Determined short hostname: tstweb01
-- finalize_exec: SAM Account Name is: tstweb01$
-- try_machine_keytab_princ: Trying to authenticate for tstweb01$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (No such file or directory)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for host/tstweb01.example.org from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos ...
Solaris 10 Kerberos KDC ignores settings in /etc/krb5/kdc.conf
Greetings,
sorry if I sent this in twice.
I've configured Sun's Kerberos on a Solaris 10 box.
Everything seems to work straight, creating database, creating
principals etc..
But the KDC ignores quite a few options in kdc.conf file, including:
max_life = 12h 0m 0s
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +forwardable
No matter how I set these options, I _always_ get these for
principals:
Maximum ticket life: 24855 days 03:14:07
Maximum renewable life: 24855 days 03:14:07
Attributes:
It seems Sun has some defaults set and they are unchangeable.
The gkadmin GUI utility shows the two life period exactly
as the above number. If you change and save the changes, next
time you run gkadmin, the old values come back.
Has anyone seen the same behavior? And how to fix it?
MIT Kerberos works fine, but to utilize Sun's PAM
migration module for our existing user base (900 users), I need
to run Sun's at least when we are migrating users.
Applying Sun's Kerberos patch 120469-07 did not fix the problem.
TIA,
Qing Chang
...
LogonUserID in Chinese Authentication failed at KDC (Integrity check failed. errorcode: 31)
Hi,
I have one issue authenticating a Chinese user with the KDC. I am using KFW
libraries (1.6.2).
I have converted the user name to UTF-8 so that the KDC is able to recognize the user at
openLDAP.
But key generation is failing (TIMESTAMP pre-authentication and DES
encryption (3) is used at the client).
Please provide me some inputs: how can I make it authenticate using a
Chinese user ID?
But with the same user a Java client is able to get a TGT. (I am suspecting key
generation is the problem in C++ for timestamp pre-authentication.)
I observed that the key generated at the KDC side and the key (as_key) at the MIT client side
are different.
I have tried using Network Identity Manager but it is also returning client
not found in Kerberos database.
Regards,
Eswar S
...
Oracle 9i Database Clone fails because 2nd Listener fails to start
Hi!
I'm new to Oracle and I just set up an Oracle 9i Database on a WinXP
Prof. System. The first one Database is now running pretty fine but now
the Problem is, I need a second one. So I created a new Database and a
new Listener. 1st Problem is, the Listener fails to start (ORA-12541:
TNS:no listener) - why?? And you can imagine, if I further try to clone
my running Database it fails.
Another thing is, that's impossible to start the ManagementServer
Service - Error 1075 Another Service is required.
Is the Management Server necessary for the 2nd Listener?
Thx!!
Christian Meier
You don't need a second listener. A listener will service many
databases.
Likely the listener fails to start because you used the same port for
the second listener as the first listener.
You also probably don't need a second database, unless to store the
Oracle Enterprise Manager Repository.
Without a repository the Management Server won't start. Use the
Enterprise Manager Configuration assistant to create a repository.
The Management Server has nothing to do with the second listener.
--
Sybrand Bakker
Senior Oracle DBA
Thanks a lot!! It took some time but now the 2nd DB is running very well.
Christian
...
Kerberos V5 refuses authentication because Kerberos checksum verification failed: Bad encryption type
Colleagues,
What could be the reason that I cannot telnet from FreeBSD to Solaris 10
with the following error:
Connected to oracle.sibptus.tomsk.ru.
Escape character is '^]'.
[ Trying mutual KERBEROS5 (host/oracle.sibptus.tomsk.ru@SIBPTUS.TOMSK.RU)... ]
[ Kerberos V5 refuses authentication because Kerberos checksum verification failed: Bad encryption type ]
[ Trying KERBEROS5 (host/oracle.sibptus.tomsk.ru@SIBPTUS.TOMSK.RU)... ]
[ Kerberos V5 refuses authentication because Kerberos checksum verification failed: Bad encryption type ]
Password:
Kerberized telnet and ssh work fine between FreeBSD systems, but
Solaris is a problem.
The kdc is Heimdal running on FreeBSD. The keytab for the host
principal was exported on FreeBSD and then transferred to Solaris and
imported there.
Thank you in advance for any input.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
I believe that Solaris (as of Solaris 9) only supports
des-cbc-crc encryption.
Hope that helps,
Steven
--- Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
wrote:
> Colleagues,
>
> What could be the reason that I cannot telnet from
> FreeBSD to Solaris 10
> with the following error:
>
> Connected to oracle.sibptus.tomsk.ru.
> Escape character is '^]'.
> [ Trying mutual KERBEROS5
> (host/oracle.sibptus.tomsk.ru@SIBPTUS.TOMSK.RU)... ]
> [ Kerberos V5 refuses authentication because
> Kerberos checksum verification failed: Ba...
START: IF NOT(infiniteLoop(START)) THEN GOTO START
START: IF NOT(infiniteLoop(START)) THEN GOTO START
is function infiniteLoop() programmable?
infiniteLoop(X) <-> TRUE IFF function X does not terminate
infiniteLoop(X) <-> FALSE IFF function X terminates
Herc
...
SPSS 16.0.2 failed to start up! [err: Attempt to connect to a remote server failed inet:Local Computer:0]
Hi all,
I used to get SPSS 16.0 working on my PC, but unfortunately after a
blue screen i had to reinstall Windows XP.
I installed SPSS 16.0 and applied both patches SPSS1601WindowsPatch.exe,
SPSSWindows16.0.2Patch.exe.
When I try to launch SPSS 16 I keep getting the following error
message: (I hoped the SPSS 16.0.2 patch would fix this!)
"Attempt to connect to a remote server failed inet:Local Computer:0."
The only difference that I can see from my previous installation is
that I updated my Windows XP to SP3...
I am not an expert in SPSS, so any suggestion will be appreciated.
Thxxxx
...
Re: I am looking for some information on ELAN protocol for Siemens analyzers and also some information on AK protocol for California Analytical Analyzers. Mainly I need a starting point to...
Hi Dave,
We recently purchased a Siemens Ultramat analyzer and therefore I am very much interested in your set of vi's to communicate with it.
I would really appreciate it if you could send the vi's to esmit@interfocos.nl
Many thanks!
Best regards
Eric
Eric,
Attached to a private email. Let me know if you find them useful. Since they were written for an Oxymat, not an Ultramat, you may find that some of the auxiliary functions are not applicable. ...
Re : I am looking for some information on ELAN protocol for Siemens analyzers and also some information on AK protocol for California Analytical Analyzers. Mainly I need a starting point to...
Hi all,
Just some feedback for Dave and his "magical" VI. I received my ethernet/rs485 converter (from Moxa) this week and started testing communication with Oxymat61 and Ultramat23. It works very well. The Siemens website doesn't have much information on the ELAN protocol, so many thanks to Dave. His stuff was very useful.
I use these instruments in a bench for testing domestic heating equipment, with also thermal measurement (RTD and thermocouples).
Regards
Ludos
...
Re: I am looking for some information on ELAN protocol for Siemens analyzers and also some information on AK protocol for California Analytical Analyzers. Mainly I need a starting point to...
Dave,
I hope you still have a look at this thread sometimes. I would like to post my mail address too. Could you send me your magic-code too? We would like to test it with our Ultramat23.
rschoeniger@autosoft-nb.de
Regards
Ronny
I sent you a reply via private email at the address you specified.
Dave
...
T20 fails to start
My Thinkpad T20 fails to start. Pushing the power button does nothing
but make the battery and HDD light flicker for a fraction of a
second. Nothing else happens. The battery is full and should work well
but the notebook does not power up at all even with the AC adapter
plug in. What's going wrong?
Gilbert Schroeder <gibs@valain.com> wrote:
> My Thinkpad T20 fails to start. Pushing the power button does nothing
> but make the battery and HDD light flicker for a fraction of a
> second. Nothing else happens. The battery is full and should work well
> but the notebook doe...
JVM start failed
Hi,
I tried to write Java STP's on linux with DB2-7.2.5 and getting the error
SQL4301N , UC:"0", SQLSTATE=58004.
I've also switched KEEP_DARI to no, JDK_PATH11.... and couldn't get them
run. SQL-Procedures running well.
Tx for Answers..
P.S: JDK J2SE Runtime 1.4.1_02-b06, mixed mode, Suse 8.2, DB2-7.2
Meir Georg wrote:
> Hi,
> i tried to write Java STP's on linux with DB2-7.2.5 and getting the error
> SQL4301N , UC:"0", SQLSTATE=58004.
> I've also switched KEEP_DARI to no, JDK_PATH11.... and couldn't get them
> run...
KDC does not properly start
Hello,
I am getting the same problem as here:
http://diswww.mit.edu/menelaus.mit.edu/kerberos/24132
(follow up: http://diswww.mit.edu/menelaus.mit.edu/kerberos/24134)
I have tried recompiling with the modification mentioned in the follow up.
I receive the following in the logs:
krb5kdc: zapping scope 253 to 0
krb5kdc: Invalid argument - Cannot bind server socket to port 88 address fe80::20b:dbff:feb4:5606%253
and it still does not work.
In the follow up, Ken asked what "grep ifaddrs config.cache" in "src" shows. It
shows:
ac_cv_func_getifaddrs=${ac_cv_func_getifaddrs=yes}
ac_cv_header_ifaddrs_h=${ac_cv_header_ifaddrs_h=yes}
I tried recompiling without IPv6 support, and I get:
krb5kdc[32446](info): skipping unrecognized local address family 17
krb5kdc[3897](info): listening on fd 6: udp xxx.xxx.xxx.xxx.88
krb5kdc[3897](info): skipping local ipv6 addresses
krb5kdc[3897](info): set up 1 sockets
krb5kdc[3898](info): commencing operation
in the logs and still nothing on port 88 (udp or otherwise).
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-07-20 10:53 PDT
Interesting ports on localhost.localdomain (127.0.0.1):
PORT STATE SERVICE
88/udp closed kerberos-sec
I am using Ubuntu Linux 5.04: The Hoary Hedgehog (kernel 2.6.10-5-386).
Any help is appreciated. Thanks.
-Yury
...
Variable kdc on kerberos.
Hi All, is there a way to set a variable, instead of a constant on the
kerberos config file under the kdc option?
I've a lot of Active Directory on my network, so if I want contact the
closer one I've to use variables to retrieve informations of our local Dns.
Many thanks
...
Applications that start to fail after a while
I've seen this problem many times and with DIFFERENT applications,
although it's hard to systematically reproduce it.
Here's what bothers me:
o Everything works fine for days on
o Then I run some application which crashes
o No big deal, I think, I'll just restart it
*** Alas: it crashes every time I try to start it again. Nothing but a
reboot fixes the problem. On the other hand, all else seems to run ok.
So my question is, if anyone has seen this, is there a fix to it,
which is less radical than a reboot?
I cannot determine what exactly is going wrong, but it ap...