f



Kerberos Cross Compiling

Hi

I'm trying upgrade from krb5-1.3.2 to krb5-1.3.4 in a cross compile 
enviroment, but it does not work.  I notice that are some changes in 
aclocal.m4, about cross compiling. I changed it so I can compile and use 
a MPC 8xx as a kerberos client, but the GSSAPI authentication don't 
work. In openssh I got a "Generic Unknow RC/IO error", with krlogind I 
got "Bad sendauth version was sent". Can you help me?

-- 
 ------------------------------------------------------------
 �v�  Sulamita Garcia			Cyclades Brasil
/(_)\ Projetista Software JR 
 ^ ^  Phone: 55 11 5033 3393

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
9/13/2004 7:53:49 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

4 Replies
877 Views

Similar Articles

[PageSpeed] 28

On Sep 13, 2004, at 15:31, Sulamita Garcia wrote:
> I'm trying upgrade from krb5-1.3.2 to krb5-1.3.4 in a cross compile 
> enviroment, but it does not work.  I notice that are some changes in 
> aclocal.m4, about cross compiling. I changed it so I can compile and 
> use a MPC 8xx as a kerberos client, but the GSSAPI authentication 
> don't work. In openssh I got a "Generic Unknow RC/IO error", with 
> krlogind I got "Bad sendauth version was sent". Can you help me?

If your tools all work, there's a good chance the problem is in the 
results of the configure tests.

There are probably a few tests that are run that assume that the host 
and target systems (borrowing the GNU terms for cross-compilation 
environments) are the same.  We don't do testing of cross-compilation 
environments, so I can't really tell you which or how many.  I can tell 
you that running "make check" is likely to be very difficult....

If you can identify any configuration tests which are assuming the host 
and target are the same, but can fairly easily be made to not make that 
assumption (e.g., transforming a test from "runs without crashing if 
property X is true" to "won't compile unless property X is true"), we'd 
be happy to take patches.  I might be able to give a limited amount of 
help, though I can't promise anything.  (I've got a couple important 
projects that are not as far along as I'd like.)  Some of the tests may 
be of the form "does X work" or "does X behave this way", which 
requires running a program.  I don't think there's much we can do about 
that.

If some test results need to be forced to have certain results, for 
most of them, you can set the autoconf cache variables in the 
environment or in config.cache before running configure.  You might try 
looking at config.cache after configuring 1.3.2 and 1.3.4 to see where 
they differ.

As for these specific errors, I would probably start by instrumenting 
the code where these error codes are used, to log somewhere the file 
and line number where it's triggered, and any useful information from 
the context (e.g., what sendauth version appears to have been sent).  
If you've got a working debugger, you could also just set breakpoints 
at a bunch of places where the error code could be produced, but 
especially if the compiler is aggressive about optimization, you may 
have trouble properly setting breakpoints based on line numbers.

Ken

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
raeburn (375)
9/13/2004 9:12:46 PM
Ken Raeburn wrote:

> If you can identify any configuration tests which are assuming the 
> host and target are the same, but can fairly easily be made to not 
> make that assumption (e.g., transforming a test from "runs without 
> crashing if property X is true" to "won't compile unless property X is 
> true"), we'd be happy to take patches.  I might be able to give a 
> limited amount of help, though I can't promise anything.  (I've got a 
> couple important projects that are not as far along as I'd like.)  
> Some of the tests may be of the form "does X work" or "does X behave 
> this way", which requires running a program.  I don't think there's 
> much we can do about that.

The first change I notice is when configure is checking for regcomp:

checking for working regcomp... configure: error: Cannot test regcomp 
when cross compiling

So we changed the aclocal.m4 :
346,348c346
<   errprint(__file__:__line__: warning: Cannot check for file existence 
when cross compiling
< )dnl
<   AC_MSG_ERROR(Cannot check for file existence when cross compiling)
---
 >     eval "ac_cv_file_$ac_safe=yes"
714c712
< ], ac_cv_func_regcomp=yes, ac_cv_func_regcomp=no, AC_MSG_ERROR([Cannot 
test regcomp when cross compiling]))])
---
 > ], ac_cv_func_regcomp=yes, ac_cv_func_regcomp=no, 
ac_cv_func_regcomp=yes)])

So I can compile. This used to work on 1.3.2.
The diferences in config.cache are few and I don't think are related, but...

16d15
< ac_cv_c_bigendian=${ac_cv_c_bigendian=yes}
161a161
 > ac_cv_header_endian_h=${ac_cv_header_endian_h=yes}
170a171
 > ac_cv_header_machine_endian_h=${ac_cv_header_machine_endian_h=no}
343c344
< krb5_cv_sys_rcdir=${krb5_cv_sys_rcdir=/tmp}
---
 > krb5_cv_sys_rcdir=${krb5_cv_sys_rcdir=/var/tmp}


There is some place where I can see a log about changes? I can set 
breakpoints and stuff, but will be much more longer when I have no idea 
for where start... well, probably seeking this message errors...

-- 
 ------------------------------------------------------------
 �v�  Sulamita Garcia			Cyclades Brasil
/(_)\ Projetista Software JR 
 ^ ^  Phone: 55 11 5033 3393

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
9/14/2004 1:53:32 PM
Does your platform have a /var/tmp directory?  IT sounds like your
platform managed to move where the replay cache lives between these
two versions.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
hartmans (370)
9/14/2004 3:36:46 PM
Sam Hartman wrote:

>Does your platform have a /var/tmp directory?  IT sounds like your
>platform managed to move where the replay cache lives between these
>two versions.
>
>  
>
Bingo.
Thank you so much...

-- 
 ------------------------------------------------------------
 �v�  Sulamita Garcia			Cyclades Brasil
/(_)\ Projetista Software JR 
 ^ ^  Phone: 55 11 5033 3393

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
9/14/2004 4:26:59 PM
Reply:

Similar Artilces:

MIT Kerberos or Heimdal Kerberos?
Hi, How do I know the server install in the system is MIT Kerberos or Heimdal? I m using FreeBSD 5.2.1 Thanks sam ...

migration from Kerberos 4 to Kerberos 5
Hello, I have a few questions about migration to a new Kerberos version. In fact, the goal is to migrate a network with Kerberos 4 to the Kerberos 5(under Lin8x): 1) Do I have to reinstall Kerberos from the scratch or are there packages that allow to update the version? 2) What about the users that I created, are they still valid or will user information be lost. Part of the network uses already an LDAP directory, do I suppose this will not be a problem for this part, but in general, how can I migrate my user-accounts to the new version? 3) What about the clients, do I have to re-install the Kerberos-client on each workstation or can I use the "old" Kerberos clients? Could anybody answer my questions and perhaps give me some good hints for the migration respectively point me to some good documents? Thanx, CB ...

MIT Kerberos and Solaris 10 Kerberos
Greetings, everyone. We run a number of Solaris 8 systems using Sun's SEAM PAM implementation and MIT's Kerberos (which we're up to date on). We are starting to look at Solaris 10, and are hoping to move towards Sun's implementation of Kerberos. We are having a bit of trouble getting the two to talk properly, however. If we SSH (from production to test, for example) to a Solaris 8 machine, then we can rlogin (Kerberized) to the Solaris 10 machine and, from there, rlogin to a Sol8 machine again. If, however, we SSH directly to the Solaris 10 machine, we cannot rlogin to a Solaris 8 machine. Doing various experiments (for example, trying to ksu on the Sol 10 machine), the only error we ever get is: ksu WARNING: Your password may be exposed if you enter it here and are logged in remotely using an unsecure (non-encrypted) channel. Kerberos password for ux5p@ATCOTEST.CA: : ksu: Server not found in Kerberos database while geting credentials from kdc Authentication failed. Doing an rlogin to a Sol 8 machine gives no errors at all; it just quietly fails. The above error seems to indicate that the Solaris 10 Kerberos isn't passing the tickets to the Sol 8/MIT Kerberos servers (which, based upon certain differences, would not be a big surprise). Has anyone gotten this to work? The Sol 10 system is using the default Solaris 10 PAM implementation as well; not sure if this is part of the problem, but the configuration files are significantly different. Th...

FTP and Kerberos
Hi, I get the following Kerberos related error when i do FTP from another machine(redhat 9.0) to my machine(redhat 9.0). How to solve this problem ? Should i Need to start/stop some daemons ? here is what happens when i do FTP !!! --------->>>>>>>>> Here is it .....>>>> Connected to 107.108.89.173. 220 localhost.localdomain FTP server (Version 5.60) ready. 334 Using authentication type GSSAPI; ADAT must follow GSSAPI accepted as authentication type GSSAPI error major: Miscellaneous failure GSSAPI error minor: No credentials cache found GSSAPI error: in...

Compiling MIT Kerberos 1.3.3...or should I say NOT compiling
For starters, I've only experimented with Linux through the years. Loading it to see what progress it has mad. Simply put, I'm a noob. A little history. I'm trying to get Linux into my corporate Windows 2003 ADS tree. I can join ADS and have successfully shared directories to my ADS groups. Experiments have been somewhat successful but I have trouble repeating the process. I say its somewhat successful because authentication is sporadic at best. I think I've narrowed it down to multiple versions of Kerberos. One version is installed at O/S load time, 1.2.7 (/usr/kerberos) and one I'm trying to upgrade to (/usr/local - in the MIT binaries). I'm trying to compile Kerberos 1.3.3 to /usr/kerberos with: ../configure --prefix=/usr/kerberos make Its failing with the make command. I should point out that it fails with the make command even if I do not specify the --prefix. The last few lines are: tcl_ovsec_kadm.c:1982: `interp' undeclared (first use in this function) tcl_ovsec_kadm.c:1983: `TCL_GLOBAL_ONLY' undeclared (first use in this function)tcl_ovsec_kadm.c:1996: warning: implicit declaration of function `Tcl_CreateCommand' make[3]: *** [tcl_ovsec_kadm.o] Error 1 make[3]: Leaving directory `/root/install-config/krb/krb5-1.3.3/src/kadmin/testing/util' make[2]: *** [all-recurse] Error 1 make[2]: Leaving directory `/root/install-config/krb/krb5-1.3.3/src/kadmin/testing' make[1]: *** [all-recurse] Error 1 make[1]: Leaving...

Kerberos?
Who's using Kerberos authentication? Any pointers to procedure or documentation will be appreciated! Hi James, Not Me! But have a look at Doc 317141. That explains it in some more detail than the normal manual. Martin Bowes > Who's using Kerberos authentication? Any pointers to procedure > or documentation will be appreciated! > _______________________________________________ > Info-ingres mailing list > Info-ingres@cariboulake.com > http://mailman.cariboulake.com/mailman/listinfo.py/info-ingres > James Latimer wrote: > Who's using Kerberos authentication? Any pointers to procedure > or documentation will be appreciated! me neither, but this Chapter 13 may be of use: http://downloads.ingres.com/download/connect.pdf ...

Kerberos Decrypted
http://www.digg.com/security/Kerberos_Decrypted ...

Kerberos
Hello, I read on the ibm site that KRB5A authentication is only supported on 5.2. We are currently runnin 5.1 and have an MCA based machine so there is no chance in upgrading to 5.2. Is there an open-source kerberos package for AIX, and how would you go about installing it. Any help would be greatly appreciated. Rich ...

RE: MIT Kerberos and Solaris 10 Kerberos
Greetings, and thanks for the response. > > We run a number of Solaris 8 systems using Sun's SEAM PAM > implementation > > and MIT's Kerberos (which we're up to date on). We are > starting to look > > at Solaris 10, and are hoping to move towards Sun's > implementation of > > Kerberos. We are having a bit of trouble getting the two to talk > > properly, however. > > I'm confused - you cannot use the Solaris pam_krb5 with MIT Kerberos. > It is linked directly with the Solaris Kerberos libraries (private). I am trying to get the Solaris Kerberos (SEAM) on the Sol 10 system to talk to the MIT Kerberos on the KDC and other Solaris 8/MIT systems. > Solaris 10 Kerberos interops very well with MIT, Heimdal, and > Microsoft. > It has support for all of the enctypes (AES, RC4, 3DES, DES) finally. But I can't seem to get it to work. > > If we SSH (from production to test, for example) to a > Solaris 8 machine, > > then we can rlogin (Kerberized) to the Solaris 10 machine and, from > > there, rlogin to a Sol8 machine again. If, however, we SSH > directly to > > the Solaris 10 machine, we cannot rlogin to a Solaris 8 > machine. Doing > > various experiments (for example, trying to ksu on the Sol > 10 machine), > > the only error we ever get is: > > > > ksu > > WARNING: Your password may be exposed if you enter it here and are &g...

Kerberos Administration Protocol
Hi, I'm looking for an open source Java implementation for the Kerberos administration protocol, for changing password, getprinc, delete_principal and so on. The main goals for kadmin, for the MIT implementation. Are there any libraries? If no, I would try to do an adHoc implementation. Are there documents? The only draft that I can see is http://tools.ietf.org/html/draft-ietf-cat-kerb-chg-password-00 Thanks, Massimiliano > Date: Tue, 02 Jun 2009 15:28:32 +0200 > To: kerberos@mit.edu > From: "max@mascanc.net" <max@mascanc.net> > Subject: Kerberos Administration Protocol > > Hi, > > I'm looking for an open source Java implementation for the Kerberos > administration protocol, for changing password, getprinc, > delete_principal and so on. The main goals for kadmin, for > the MIT implementation. > > Are there any libraries? > > If no, I would try to do an adHoc implementation. Are there > documents? The only draft that I can see is > > http://tools.ietf.org/html/draft-ietf-cat-kerb-chg-password-00 > > Thanks, > > > Massimiliano As it happens, I do have something that might be the start at this. It could stand a bit more "polishing" before being released, and at the moment, it's not on our priority list. If this is something of interest to you, we should certainly talk. You won't be at afsbpw 2009, by any chance? What I have ...

kerberos
Hi I have kerberos server setup, and it works fine with iseries navigator, I have to create a AS400 object now using Java and kerberos ticket, has any one done it successfully, does anyone have any code sample "polilop" <fmatosicSKINI@inet.hr> burped up warm pablum in news:fr3i5a$sn6$1@ss408.t-com.hr: > Hi > I have kerberos server setup, and it works fine with > iseries navigator, I have to create a AS400 object now > using Java and kerberos ticket, has any one done it > successfully, does anyone have any code sample You should read: http://publib.boulder...

kerberos?
Is anyone out there using kerberos authentication with their NonStop hosts? Between this and ssh, I am having trouble keeping up! Thanks in advance. ...

FW: MIT Kerberos and Solaris 10 Kerberos
Sorry, I accidentally sent this reply just to Wyllys. In the interest of keeping the thread complete, I'll put it to the list as well. R > That's because Solaris 10 'kadmin' uses RPCSEC_GSS and > MIT uses a slightly different RPC protocol. This is not a new > issue, its been a problem ever since we introduced SEAM. > > The solution is that if your KDC is MIT, then you must use the MIT > 'kadmin' client to manage it. OK, thanks. So, I'll have to keep the MIT binaries around as well... Rainer ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

Replacing the system Kerberos with MIT Kerberos (from ports)
Is there a way to replace the Heimdal Kerberos libraries included in the FreeBSD base system with the MIT Kerberos libraries installed from the security/krb5 port? I know about the KRB5_HOME make option. I'm concerned about other "Kerberized" applications not working properly because they use the wrong client libraries, hence my desire to completely replace Heimdal with MIT Kerberos. The Heimdal Kerberos libraries shipped with the FreeBSD base system don't support TCP, so when a KDC replies to a client request with a response larger than the maximum UDP packet size, the Kerberos libraries return an error to the client instead of switching to TCP (which can handle large responses). I routinely encounter this problem when integrating FreeBSD servers and workstations into Windows Active Directory domains, where the KDC responses include additional authorization data derived from a security principal's group memberships: Samba's "net ads join" command fails with a "response too big for for UDP, retry with TCP" error when linked against Heimdal, but it succeeds (and everything else works properly) when linked against MIT Kerberos. (Note that I'm not willing to debate the semi-standard/non-standard inclusion of authorization data in a Kerberos ticket's PAC, nor am I willing to argue the applicability of the aforementioned operating systems to their assigned tasks.) Best wishes, Matthew ...

Kerberos Decrypted
http://www.digg.com/security/Kerberos_Decrypted ...

compiling kerberos for sparcv9
Hi all, I'd like to know what parameters to give ./configure, in order to generate ELF64 object code for the sparcv9 architecture. Could anyone provide me with the info? I have here the gcc and the SUNWspro/cc compilers, but the ld fails with "Segmentation fault" on libcomm_err (or so) when I issue: ../configure --enable-shared CFLAGS="-mcpu=ultrasparc -m64" How should I do it best? Thank you in advance for any hints, Calin Barbat. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

Kerberos
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

kerberos
Hi, I've seen a number of posts regarding similar issues, but none with answers.. maybe i'll be lucky... Trying to join a Linux samba box to a Win2k Domain via ADS.. Have used 'net join -U administrator%password' then get a list of errors about 20 lines long similar to this. "kerberos_knit_password fedora$@domain.com failed: Client not found in Kerberos database" But, it *does* join the domain and I can see and use the share.... Is there anything to worry about?? TIA, travelfurther.. ...

OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos
Rather then implementing kafs in MIT Kerberos, I would like to suggest an alternative which has advantages to all parties. The OpenSSH sshd needs to do two things: (1) sets a PAG in the kernel, (2) obtains an AFS token storing it in the kernel. It can use the Kerberos credentials either obtained via GSSAPI delegation, PAM or other kerberos login code in the sshd. The above two actions can be accomplished by a separate process, which can be forked and execd by the sshd and passed the environment which may have a KREB5CCNAME pointing at the Kerberos ticket cache Other parameters such as the home directory could also be passed. This would then allow simple code in OpenSSH that does not depend on OpenAFS, Hiemdal or MIT code to fork/exec the process that does all the work. This would be called by the process that would eventially become the user's shell process and is run as the user. OpenSSH could be built on systems that may or may not have AFS installed and run on a system with or without AFS. The decision is based on the existence of the executable and any options in sshd_config. In its simplest form, all that is needed is: system("/usr/ssh/libexec/aklog -setpag") This is a little over simplified as there should be a test if the executable exists, processing of some return codes, making sure the environment is set, setting some time limit. etc. But the point is there is no compile dependence on OpenAFS, MIT or Hiemdal by the Op...

RE: MIT Kerberos and Solaris 10 Kerberos #2
BTW, as a further clarification, the system was installed initially using our MIT Kerberos build (i.e. the same as we use on all of the Solaris 8 machines). I am now trying to get it to work with the Solaris 10 SEAM. One problem I see immediately (refreshing my memory with a couple quick tests) is that, when using the Sol10 SEAM to install the keytab, I immediately get: # kadmin -p rheilke/admin Authenticating as principal rheilke/admin@ATCOTEST.CA with password. Password for rheilke/admin@ATCOTEST.CA: kadmin: ktadd host/salty.atcotest.ca kadmin: Communication failure with server while changing host/salty.atcotest.ca's key kadmin: So, the Sol10 SEAM cannot seem to talk to the KDC. Rainer ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Heilke, Rainer wrote: > BTW, as a further clarification, the system was installed initially > using our MIT Kerberos build (i.e. the same as we use on all of the > Solaris 8 machines). I am now trying to get it to work with the Solaris > 10 SEAM. > > One problem I see immediately (refreshing my memory with a couple quick > tests) is that, when using the Sol10 SEAM to install the keytab, I > immediately get: > > # kadmin -p rheilke/admin > Authenticating as principal rheilke/admin@ATCOTEST.CA with password. > Password for rheilke/admin@ATCOTEST.CA: > kadmin: ktadd host/salty.atcotest.ca > kad...

RE: MIT Kerberos and Solaris 10 Kerberos #4
Thanks. We'll have to keep our eyes open for 5-1.4. Rainer > -----Original Message----- > From: Tom Yu [mailto:tlyu@mit.edu] > Sent: Tuesday, January 11, 2005 11:12 AM > To: Wyllys Ingersoll > Cc: Heilke, Rainer; kerberos@mit.edu > Subject: Re: MIT Kerberos and Solaris 10 Kerberos > > > >>>>> "Wyllys" == Wyllys Ingersoll <wyllys.ingersoll@sun.com> writes: > > Wyllys> That's because Solaris 10 'kadmin' uses RPCSEC_GSS and > Wyllys> MIT uses a slightly different RPC protocol. > > [...] > > Wyllys> There have been patches submitted to the MIT codebase to make > Wyllys> it able to support RPCSEC_GSS (and thus interop with > Solaris kadmin), > Wyllys> but Im not sure if those are in the latest release or not. > > RPCSEC_GSS support will be present in krb5-1.4 (currently in beta). I > have done a brief successful interop test against SEAM's kadmin > protocol. Independent confirmation would be useful. > > ---Tom > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

RE: MIT Kerberos and Solaris 10 Kerberos #5
> > Can we force the Sol10 box to only use DES, to be > compatible with the > > Sol8/MIT systems (which is everything but the one Sol10 box)? > > If you are using MIT Kerberos on the Solaris 8 systems (including > pam_krb5 made for MIT, not the one that comes with SEAM), then > you should not worry about the enctypes because MIT already > supports all of the enctypes that S10 supports. > > The only time you need to worry about enctypes is when you > are using pre-S10 systems with SEAM apps. IN that situation, > ONLY the pre-solaris 10 systems need to have the DES keys, > it is perfectly acceptable for the S10 systems to have AES > and S8/S9 to have DES. This should not affect interop if > your keytabs are correctly populated on the pre-S10 boxes. Excellent, thanks. That makes life significantly easier. > earlier comments, > > they already are DES; is that correct? > > > > Not necessarily. If your S8 systems are MIT, then you don't > really need to worry much about the enctype support because > MIT has support for all enctypes (DES through AES-256). Right, as per your comments above. :-) > If you use a 3rd party pam_krb5 library that links with MIT > Kerberos, then you should not have any enctype issues on > Solaris 8. We aren't using any Sol8 SEAM (all MIT, except for the new Sol10 box), using the MIT libs. > You may be seeing problems on your S8 systems because ...

RE: MIT Kerberos and Solaris 10 Kerberos #3
Thanks for the response. Please see inline... > In Solaris 10, all of the Kerberos services are already bundled, > there is no longer any external packages that need to be added. Right. > Whoever told you 'ksu' was part of the encryption kit was mistaken, > ksu has never been part of SEAM. OK, thanks for that clarification. It was a bit of a surprise to me when I was told it was there. So, does the Solaris 10 SEAM have any functionality similar to ksu, or just the standard su command? > The encryption kit for Solaris 10 enhances the overall crypto > capabilities of the system, the only benefit Kerberos gets is > that it can support AES-256 with the S10 encryption kit. > Without the S10 encryption kit, the strongest AES crypto > available for Kerberos in S10 is AES-128. And this fits more with what I understood, before my co-worker's comments. > On the S10 system, you must make sure to enable the "eklogin" service. > Run this command (as root): > > # svcadm enable eklogin Hmm. That may be a good part of my problem. I added the inetd.conf entry for the old (MIT) eklogin, and ran inetconv. So, this is probably really confusing the system. I'll try to revert that, and do the svcadm. > For Solaris 8 with the SEAM rlogin daemon, make sure your > inetd.conf entries > are correct. We don't actually run SEAM on any Sol8 systems; it's all MIT. > Don't bother with inetd.conf in S10, ...

RE: MIT Kerberos and Solaris 10 Kerberos #6
OK, I think I have fixed the services. I have: # svcs -v | grep login online - 13:25:02 35 svc:/system/console-login:default online - 13:25:11 - svc:/network/login:eklogin online - 13:25:12 - svc:/network/login:klogin online - 13:25:12 - svc:/network/login:rlogin (Just to make sure, those ARE the correct versions? The ones I removed looked like: # svcadm disable svc:/network/klogin/tcp:default # svcadm disable svc:/network/eklogin/tcp:default The first entry in the svcs listing is, I assume, my root console login via the terminal server.) Or did I cancel the wrong two? If I use the MIT rlogin to go to another server, this fails (and no message gets logged on the KDC). I expect this is correct behaviour (needing the SEAM version). So, where do I find the Solaris 10 SEAM version of rlogin? The rlogin in /bin seems to be the old, un-Kerberized one, or is this actually a Kerberized one? In which case, it never seems to get a connection, and again, doesn't log anything on the KDC. I can use the Solaris 8/MIT rlogin to go from one of the old Solaris 8/MIT systems to the Solaris 10 box. Thanks again. Rainer ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos e@atcoitek.com wrote: > OK, I think I have fixed the services. I have: > # svcs -v | grep login > online ...

Web resources about - Kerberos Cross Compiling - comp.protocols.kerberos

Cool tools for compiling to JavaScript
Every programmer has a favorite language or two. JavaScript lovers are the luckiest these days because their language is taking over the Internet ...

Feds put protest activity under microscope in compiling national 'risk forecast'
Use of social media, the spread of "citizen journalism," and the involvement of young people are among the key trends highlighted by a federal ...

10 Tips For Compiling A Deal Sheet
Compiling a deal sheet is a great way of taking stock of your experience and of seeing where your experience may be lacking.

Compiling 64-Bit Code
Describes the 64-bit features available in OS X.

Is there a benefit to compiling your code as you go?
Stack Exchange This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users ...

6 cool tools for compiling to JavaScript
Every programmer has a favorite language or two. JavaScript lovers are the luckiest these days because their language is taking over the Internet ...

Compiling The Absurd Box Score For Space Jam ; Or, Shawn Bradley Sucked Against Cartoons, Too
This is Regressing, a numbers-minded column by our clever friends at the Harvard College Sports Analysis Collective. Over the next few days, ...

We're Compiling Every Police-Involved Shooting In America. Help Us.
The United States has no database of police shootings. There is no standardized process by which officers log when they've discharged their weapons ...

Flat UI Pro Tutorial: Setting and Compiling Using LESS
In this video tutorial, you use components from Flat UI Pro to create a complete simple mail app using LESS. He takes you through the steps to ...

Industrious 4chan user is compiling a list of every videogame ever made
... me to enter a few hundreds of games into my Backloggery account , and I haven't even finished it yet. Ambitious 4chan user Data_baser is compiling ...

Resources last updated: 3/10/2016 2:56:08 PM