f



RE: kinit request on keytab fails using 2K3sp1 KDC #3

>From the determined kvno information, I am worried that starting again 
>will not resolve my issue.  Assuming that the kvno is reset to 1, using

>kvno and klist to determine the version number should return similar 
>results to above, but showing the number to be 1.  What would the 
>difference be and would it resolve the pre-authentication issue?

We found that even if we start again, we could not get the pre-auth to
work. 

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
tim.alsop (50)
3/23/2006 11:34:03 AM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

1 Replies
388 Views

Similar Articles

[PageSpeed] 7

Tim Alsop wrote:
>>From the determined kvno information, I am worried that starting again 
>> will not resolve my issue.  Assuming that the kvno is reset to 1, using
> 
>> kvno and klist to determine the version number should return similar 
>> results to above, but showing the number to be 1.  What would the 
>> difference be and would it resolve the pre-authentication issue?
> 
> We found that even if we start again, we could not get the pre-auth to
> work. 

The most important new functionality in the W2K SP1 version of KTPASS is
that it allows you to export RC4-based keys instead of DES.  Did you try
using RC4 keys or were you only interested in using single DES?

Jeffrey Altman
0
jaltman2 (417)
3/23/2006 2:17:34 PM
Reply:

Similar Artilces:

RE: kinit request on keytab fails using 2K3sp1 KDC
David, The easiest solution to this problem is to use the ktpass which was shipped with Windows 2003, and not the one with SP1. Alternatively, you can use one of the many tools available that replace the need for ktpass, and use computer accounts for key storage. These tools do not suffer from the same issues as ktpass. It seems that the sp1 version of ktpass stores a key with a specific kvno in the keytab file, and the kvno in the domain controller for the same principal is different. This is why you cannot use the keytab file to authenticate. Thanks, Tim -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of David Telfer Sent: 22 March 2006 17:09 To: kerberos@mit.edu Subject: kinit request on keytab fails using 2K3sp1 KDC Hello, I am testing a keytab obtained from a Windows 2003 Server (sp1) prior to configuring mod_auth_kerb. I have used the following command to generate a keytab on the KDC; ktpass -mapuser intsvcuser@smg.plc.uk -princ HTTP/connect.smg.plc.uk@SMG.PLC.UK +DesOnly -pass userspassword -ptype KRB5_NT_PRINCIPAL -crypto DES-CBC-MD5 -out "c:\krb5.keytab" The *nix server is running Solaris 9 with MIT krb5-1.4.3. I have transfered the keytab to /etc/krb5.keytab. When I run ; #/usr/local/bin/kinit -k -t /etc/krb5.keytab HTTP/connect.smg.plc.uk@SMG.PLC.UK I get the following error; kinit(v5): Preauthentication failed while getting initial credentials I am able to obtain a ticket directly ...

RE: kinit request on keytab fails using 2K3sp1 KDC #2
David, Like yourself we spent many days/weeks trying to get the sp1 version of ktpass to work, but we could not, so we have developed our own replacement product that uses computer accounts instead. Cheers, Tim -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of David Telfer Sent: 23 March 2006 09:47 To: kerberos@mit.edu Subject: Re: kinit request on keytab fails using 2K3sp1 KDC Richard E. Silverman wrote: > > TA> It seems that the sp1 version of ktpass stores a key with a > TA> specific kvno in the keytab file, and the kvno in the domain > TA> controller for the same principal is different. This is why you > TA> cannot use the keytab file to authenticate. > > Yes; it always sets the kvno in the keytab it writes to 1, regardless of > the value in the KDB (which of course changes each time the key is > extracted). So, you can only use the keytab the first time you extract > it. If you have to do it again, just delete the principal and re-create > it. I am not sure whether this is the issue or not, I may be doing something wrong but I have used the following procedure to determine the kvno of both the keytab and the service principal. To determine the KDC principal kvno; #./kinit HTTP/connect.smg.plc.uk@SMG.PLC.UK --->prompted for system user password #./kvno HTTP/connect.smg.plc.uk@SMG.PLC.UK HTTP/connect.smg.plc.uk@SMG.PLC.UK: kvno = 3 To determine...

RE: kinit request on keytab fails using 2K3sp1 KDC #4
David, I have seen this problem before. It does not occur with the pre-SP1 version of ktpass. Conclusion : If you want to create keytable files which have correct kvno's and which work correctly with des, then you must use the pre-SP1 version of ktpass. Thanks, Tim -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of David Telfer Sent: 23 March 2006 17:39 To: kerberos@mit.edu Subject: Re: kinit request on keytab fails using 2K3sp1 KDC Jeffrey Altman wrote: > Why do you need the kvno to be 1? It wasn't so much that they needed to match, more to tidy up the situation I had on the KDC. > For example, what is the enctype of the service ticket issued by the > KDC? Does that match the enctype of the keytab entry you are using? > > What do the following commands output? > > klist -e -k /etc/krb5.keytab > > kvno HTTP/connect.smg.plc.uk@SMG.PLC.UK > klist -e > This appears to be the problem, the keytab is being generated with DES CBD MD5, the service principal is sending an ArcFour encrypted tgt. The reason this never occured to me is that the user account has the 'use DES encryption for this account' setting ticked. I have tried the following process to force the service principal to be DES; 1 - create account 2 - run ktpass util with -mapop set +DesOnly and -crypto DES-CBC-MD5 options set. 3 - view account properites and ensure that 'use DES encryption f...

kinit request on keytab fails using 2K3sp1 KDC
Hello, I am testing a keytab obtained from a Windows 2003 Server (sp1) prior to configuring mod_auth_kerb. I have used the following command to generate a keytab on the KDC; ktpass -mapuser intsvcuser@smg.plc.uk -princ HTTP/connect.smg.plc.uk@SMG.PLC.UK +DesOnly -pass userspassword -ptype KRB5_NT_PRINCIPAL -crypto DES-CBC-MD5 -out "c:\krb5.keytab" The *nix server is running Solaris 9 with MIT krb5-1.4.3. I have transfered the keytab to /etc/krb5.keytab. When I run ; #/usr/local/bin/kinit -k -t /etc/krb5.keytab HTTP/connect.smg.plc.uk@SMG.PLC.UK I get the following error; kinit(v5): Preauthentication failed while getting initial credentials I am able to obtain a ticket directly from the kdc using #./kinit DavidTelfer@SMG.PLC.UK which would indicate that the problem wasn't a clock slew error (I haven't seen an error of this nature appear with this version of krb so I'm not sure whether it would explicitly state this). From reading a few mailing list posts I have discovered some people having issues with ktpass on service pack 1. One such post; http://groups.google.com/group/comp.protocols.kerberos/browse_thread/thread/1c991fa1b6ea4ef8/3da9428688c66d72%233da9428688c66d72 details a similar problem I have followed the advice given, ensuring that the kvno's match and changing the system users password prior to generating the keytab but to no avail. My /etc/krb5.conf file is as follows (I've removed every non-essential entry to ...

Re: AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
Christopher, I had the exact same problem. I was given 2 patches for KRB 1.4.1 and it fixed the problem. I applied the patches to my 1.4.2 source and the problem is resolved there too. Here are the patches: DNSGLUE.C Patch: *** ./src/lib/krb5/os/dnsglue.c.orig Fri Jan 14 17:10:53 2005 --- ./src/lib/krb5/os/dnsglue.c Thu May 5 11:39:52 2005 *************** *** 62,68 **** --- 62,76 ---- char *host, int nclass, int ntype) { #if HAVE_RES_NSEARCH + #ifndef LANL struct __res_state statbuf; + #else /* LANL */ + #ifndef _AIX + struct __res_state statbuf; + #else /* _AIX */ + struct { struct __res_state s; char pad[1024]; } statbuf; + #endif /* AIX */ + #endif /* LANL */ #endif struct krb5int_dns_state *ds; int len, ret; LOCATE_KDC.C Patch: >*** ./src/lib/krb5/os/locate_kdc.c.orig Thu May 5 08:06:45 2005 >--- ./src/lib/krb5/os/locate_kdc.c Thu May 5 11:34:27 2005 >*************** >*** 267,275 **** >--- 267,283 ---- > memset(&hint, 0, sizeof(hint)); > hint.ai_family = family; > hint.ai_socktype = socktype; >+ #ifndef LANL > #ifdef AI_NUMERICSERV > hint.ai_flags = AI_NUMERICSERV; > #endif >+ #else /* LANL */ >+ #ifndef _AIX >+ #ifdef AI_NUMERICSERV >+ hint.ai_flags = AI_NUMERICSERV; >+ #endif >+ #endif /* _AIX */ >+ #endif /* LANL */ > sprintf(portbuf, "%d", ntohs(port)); > sprintf(s...

Re: Bind 9.2.5 and IPv6 fails with client.c:1325: unexpected error: failed to get request's destination: failure #3
> Hello, > > Roland Dirlewanger a �crit : > > > > I have a very strange problem with a Bind server version 9.2.5 on Fedora > > Core 3. > > > > Named listen to one IPv4 address and any IPv6 address. The configuration > > has been running for many months. No changes where made recently to the > > configuration except for adding or removing slave zones. > > > > The symptom is that the server does not answer request to the IPv6 > > address + port UDP 53. It still answers requests to the UDP and TCP port > > 53 using IPv4 and to the TCP port 53 using IPv6. Using dig on the > > server, or on any server on the same LAN, leads to the following behavior : > > - dig ns some.domain @IPv4-address : works fine > > - dig +vc ns some.domain @IPv4-address : works fine > > - dig +vc ns some.domain @IPv6-address: works fine > > - dig ns some.domain @IPv6-address: works once or twice immediately > > after restarting named, fails afterwards > > > > The logs show the following message : > > Jan 16 23:34:25 named[32125]: failed to get request's destination: failure > > Jan 16 23:34:27 named[32125]: client.c:1325: unexpected error: > > I think I experienced a similar problem with BIND 9.2.4 on Debian Sarge. > It seems to be triggered when the IPv6 UDP socket receives an IPv4 > request, which can occur in t...

can keytab created on Linux KDC be used when using windows KDC ?
Hi all, I am trying interoperablity between linux machines using windows KDC. I have a question regarding the keytab file usage. Assuming that I create keytab file using Linux KDC for a client called "test.kerberos.com" in the realm "KERBEROS.COM" Can I use the same keytab for the linux machine when it uses windows as KDC ? Has anybody tried this ? Is it possible ? If not possible, can you please explain why it is not possible ? Does windows KDC and Linux use different methods to create keytab ? - Sandy. ...

Re: kinit(v5): Cannot contact any KDC for requested......
I'm also using Kerberos with RH... I don't see your hosts in your principal list... You should add the host, with a random key and store it in /etc/krb5.keytab for every host that's in the realm, including the KDC. That could be the cause of your problem... I'm not sure though I'm also not using DNS. - Jin On Wed, 12 Nov 2003 20:54:52 -0700 muzaffar.sultan@telvent.abengoa.com wrote: > Hi All, > > This is my first email to clug. I hope there's kerberos expert on this > list. > I've been battling with kerberos issues for couple of days. > > I've installed latest kerberos on RH advance server according to > documentation. > Everything seems ok but kerberos client apps like kinit are not working. > > I could run kadmin.local. All important principals are created as well. > > I logged in as root on the same machine where master kdc is running. I've > setup DNS as well but no success. > > I noticed one thing: I did not create principal for root@RTDLINUX.COM. > When > I ran kinit, this is the message I got in krb4kdc.log file: > > Nov 11 15:06:01 kerberos krb5kdc[26446](info): AS_REQ (6 etypes {18 16 23 > 1 > 3 2}) 128.1.1.70: CLIENT_NOT_FOUND: root@RTDLINUX.COM for > krbtgt/RTDLINUX.COM@RTDLINUX.COM, Client not found in Kerberos database > Nov 11 15:06:01 kerberos krb5kdc[26446](info): DISPATCH: repeated > (retransmitted?) request from 128.1.1.70, resending pre...

Re: kinit(v5): Cannot contact any KDC for requested...... #2
Thanks Jin for the tip. I tried that as well and it did not work. I've stopped using DNS to troubleshoot the problem. Here's principals list: [root@kerberos sample]# /usr/local/sbin/kadmin.local Authenticating as principal muzaffar/admin@RTDLINUX.COM with password. kadmin.local: listprincs K/M@RTDLINUX.COM host/kerberos.rtdlinux.com@RTDLINUX.COM kadmin/admin@RTDLINUX.COM kadmin/changepw@RTDLINUX.COM kadmin/history@RTDLINUX.COM krbtgt/RTDLINUX.COM@RTDLINUX.COM muzaffar/admin@RTDLINUX.COM root@RTDLINUX.COM sample/kerberos.rtdlinux.com@RTDLINUX.COM Here's output from keytab file: [root@kerberos sample]# klist -k Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 4 kadmin/admin@RTDLINUX.COM 4 kadmin/admin@RTDLINUX.COM 4 kadmin/changepw@RTDLINUX.COM 4 kadmin/changepw@RTDLINUX.COM 2 host/kerberos.rtdlinux.com@RTDLINUX.COM 2 host/kerberos.rtdlinux.com@RTDLINUX.COM _________________________________________________________ Muzaffar Sultan--Telvent muzaffar.sultan@telvent.abengoa.com Ph: (403)-301-5020 |---------+------------------------------> | |xiongj@rpi.edu | | | | |---------+------------------------------> >----------------------------------------------------------------------------------------------------------------------------| | ...

RE: Kerberos error 52 (0x34) when using kinit
Hello Douglas, Thanx for the response. I'll get the latest version from MIT and try again. Regards, Bruce. -----Original Message----- From: Douglas E. Engert [mailto:deengert@anl.gov] Sent: Friday, December 10, 2004 8:57 AM To: Wells, Bruce Cc: kerberos@mit.edu Subject: Re: Kerberos error 52 (0x34) when using kinit Wells, Bruce wrote: > Hello All, > I'm getting the above error when I try to get the initial ticket using > kinit. The KDC is Windows 2003 and the client is running on linux. My > understanding of kerberos and the KDC in particular is that if the KDC > can't send the response back via UDP it will switch over to TCP. My > question is this: Does the client need to programmactically take an > action if it recieves this error or will this be taken care of "under > the hood"? Also the client side (linux), is there a way to force the > communication to occur using TCP? Depends on the release of the Kerberos. MIT 1.2.x did not support TCP, 1.3.x does. Its a recent addition to Java as well. Theylibs wil switch as needed. The krb5.conf [libdefaults] udp_preference_limit = nnn can be used to tell the client to use TCP if the message is over nnn bytes. Setting to 1 in effect says try TCP first. The problem is the ticket is large due to the PAC being included from AD. (IIRC) W2003 servers have a lower cut over size then W2000 servers. > > TIA, > Bruce E. Wells > > -----------------------------...

RE: Denial of service when using Active Directory for KDC ? #3
Markus, Thankyou. This works for us now. I appreciate your help. Regards, Tim ________________________________ From: Markus Moeller [mailto:huaraz@moeller.plus.com] Sent: Fri 06/05/2005 10:20 To: Markus Moeller; Tim Alsop; jpbermejo Cc: kerberos@mit.edu Subject: Re: Denial of service when using Active Directory for KDC ? To use a computer account in AD for a principal you have to create first a normal computer account (e.g. mmtest) and execute then: C:\program files\Support Tools>ktpass -out d:\Temp\test1.keytab -pass Test000$ -crypto rc4-hmac-nt /ptype KRB5_NT_SRV_HST -princ te stsvc/moelma.test.com@TEST.COM -mapuser mmtest$@TEST.COM Targeting domain controller: testkdc.test.com Using legacy password setting method Successfully mapped testsvc/moelma.wks.uk.deuba.com to MMTEST$. WARNING: Account MMTEST$ is not a user account (uacflags=0x1021). WARNING: Resetting MMTEST$'s password may cause authentication problems if MMTEST$ is being used as a server. Reset MMTEST$'s password [y/n]? y Key created. Output keytab to d:\Temp\test1.keytab: Keytab version: 0x502 keysize 81 testsvc/moelma.test.com@TEST.COM ptype 3 (KRB5_NT_SRV_HST) vno 1 etype 0x17 (RC4-HMAC) keylength 16 (0x5443b0c1ad573155fa2d95eee1971574) This will create a keytab with a RC4 key which is mapped to a computer account. Any password expiry set for user accounts (e.g. domain wide settings) won't affect the computer account. Regards Markus On Fri May 6 9:34 , jpbermejo <jpb...

RE: Bad code (was: Thoughts on Logical Log use requested) #3
>>> "Dirk Moolman" <DirkM@caretech.co.za> 3/23/2006 6:57 AM >>> -----Original Message----- From: informix-list-bounces@iiug.org=20 [mailto:informix-list-bounces@iiug.org] On Behalf Of Konikoff, Rob (Contractor) Sent: 23 March 2006 04:43 PM To: informix-list@iiug.org=20 Subject: RE: Bad code (was: Thoughts on Logical Log use requested) >> A lot of things on our system is hardcoded, and not normalised. >You guys... listen... Bad code is a part of life. I have to write >REALLY bad, clunky code quite often to get around system requirements >produced by original programmers, or even to overcome limitations >established by management... That's the breaks of the game. I don't >complain... it keeps me employed. The down side is that the only ones >who suffer are the end customers that need the data! ..... and the DBA's who are trying to explain why the system is slow .... Thank you for understanding. As DBA keeps getting blame for not = configure, maintain nor tune the engine properly. Times after times, you = also have heard that the DBA should be fired for being such a poorly = skilled DBA. =20 :-( > The information on this e-mail including any attachments relates to the = official business of DigiCare (Pty) Ltd. The information is confidential = and legally privileged and is intended solely for the addressee. Access to = this e-mail by anyone else is...

Re: How to make BACKUP fail instead of making OPCOM request? #3
>From: kaplow_r@encompasserve.org.TRABoD (Bob Kaplow) >X-Newsgroups: comp.os.vms >Subject: Re: How to make BACKUP fail instead of making OPCOM request? >Date: 23 Feb 2005 07:44:04 -0600 >Organization: Encompasserve > >In article <421BF8AA.10C1B7D0@comcast.net>, David J Dachtera <djesys.nospam@comcast.net> writes: >> Another is to estimate in advance how much data will be written to tape. > >Well, that might work. But the actual source of the problem was our stupid >day operator (who looks a LOT like that guy you've seen at CARTS LUG >meeti...

Re: validating keytab files: Cannot find KDC for requested realm whilegetting initial credentials
Adding "dns_lookup_kdc = true" to the [libdefaults] section of krb5.conf seems to fix the problem. Frank "Frank Balluffi" <frank.balluffi+exter To: kerberos@mit.edu nal@db.com> cc: Sent by: Subject: validating keytab files: Cannot find KDC for requested realm kerberos-bounces@mit. whilegetting initial credentials edu 10/26/2004 04:39 PM ...

Re: OT: Request for a favor 3 #3
You guys seem to be hosting out of some company in Colorado? I get some nutty routing to there from down here in Austin. I expected it to route via QWest but it went through some AT&T routing nightmare. At least, it did from here. I was coming from a TWTC network and they do peer with QWest. The site came up okay from here though, and looks very cool. And thanks for the tip on QCTerm- it is definitely a nice piece of work. :) -Paul On Thursday, October 02, 2008, at 01:24PM, "Wirt Atmar" <atmar@AICS-RESEARCH.COM> wrote: >John Dunlop wrote: > ...

AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
Hi list, kinit (krb5 1.4.2) on an AIX 5.3 gives me # /usr/local/bin/kinit -k -t foobar.keytab foobar/foo.example.net@EXAMPLE.NET kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials From a working Linux krb5 1.4.2 installation I copied /etc/krb5.conf and foobar.keytab to AIX 5.3. The following steps don't defer to the steps I did under Linux. # ./configure --without-krb4 --enable-shared # make && make install Using gcc 3.3.2. I found a patch for krb5 1.4.1 for AIX 5.2 from Ken Raeburn, but as far as I see it is fixed in 1.4.2. My krb5.conf looks like this: [libdefaults] default_realm = EXAMPLE.NET clockskew = 300 [realms] EXAMPLE.NET = { kdc = foo.example.net:88 admin_server = foo.example.net:749 default_domain = example.net kpasswd_server = foo.example.net } [domain_realm] .example.net = EXAMPLE.NET example.net = EXAMPLE.NET [logging] default = SYSLOG:NOTICE:DAEMON kdc = FILE:/var/log/kdc.log kadmind = FILE:/var/log/kadmind.log [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } Trying to analyze with tcpdump I s...

Re: [ace-users] ACE failed to compile on AIX using gcc4.1.1(compiledusing gcc3.3)
--0-427576476-1156839651=:22390 Content-Type: text/plain; charset=us-ascii Steve, ACE::init doesn't help us. (gcc 4.1.1 AIX 5.3.5) we get identically same crash here: #0 0x1019c3bc in ReactorThread::svc (this=Cannot access memory at address 0x2dcc6340 ) at ReactorThread.cpp:34 #1 0xd5096a28 in ACE_Thread_Adapter::invoke_i (this=0x2003d4c0) at Thread_Adapter.cpp:146 #2 0xd5096dbc in ACE_Thread_Adapter::invoke (this=0x20393558) at Thread_Adapter.cpp:95 #3 0xd501b764 in ace_thread_adapter (args=0x2036b940) at Base_Thread_Adapter.cpp:116 #4 0xd0111644 in _pthread_body () from /usr/lib/libpthread.a(shr_xpg5.o) #5 0x00000000 in ?? () with and without ACE::init(). we are in the process of obtaining XLC 7 but that will take couple of days. I will try to use gcc 3.3 with ACE::init() (with gcc 3.3 we had the problem of two singletons (or maybe our old singleton was killed by somebody.... which I hope ACE::init() will fix) Ciao scipio ----- Original Message ---- From: Steve Huston <shuston@riverace.com> To: brian@ns.pigworks.openss7.net; Nzer Zaidenberg <scipioenterprises@yahoo.com> Cc: ace users <ace-users@cs.wustl.edu> Sent: Monday, August 28, 2006 10:27:01 PM Subject: Re: [ace-users] ACE failed to compile on AIX using gcc4.1.1(compiledusing gcc3.3) Hi Nzer, > Any idea as to how I proceed from here? > > Does it sound like the best bet is Obtaining VA7 for AIX and recompiling? Th...

Re: [ace-users] ACE failed to compile on AIX using gcc4.1.1 (compiledusing gcc3.3)
Actually, the original patch had everything backwards. Nzer, please try this one instead: Index: config-aix-4.x.h =================================================================== --- config-aix-4.x.h (revision 74138) +++ config-aix-4.x.h (working copy) @@ -93,8 +93,10 @@ # define ACE_HAS_GNU_CSTRING_H # define ACE_HAS_SSIZE_T -// We have to explicitly instantiate static template members -# define ACE_HAS_EXPLICIT_STATIC_TEMPLATE_MEMBER_INSTANTIATION +# if (__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ == 0)) +// We have to explicitly instantiate static template members prior to g++ 4.1 +# define ACE_HAS_EXPLICIT_STATIC_TEMPLATE_MEMBER_INSTANTIATION +#endif /* g++ prior to 4.1 */ # if !defined (ACE_MT_SAFE) || ACE_MT_SAFE != 0 // ACE_MT_SAFE is #defined below, for all compilers. -- Steve Huston, Riverace Corporation Next public ACE training October 17-20, 2006! See http://www.riverace.com/training.htm > -----Original Message----- > From: Steve Huston [mailto:shuston@riverace.com] > Sent: Monday, August 21, 2006 11:57 AM > To: 'Thomas Lockhart' > Cc: 'Nzer Zaidenberg'; 'ace-users@cse.wustl.edu' > Subject: RE: [ace-users] ACE failed to compile on AIX using > gcc4.1.1 (compiledusing gcc3.3) > > > Good point, Tom - Nzer, can you please incorporate Tom's > change to ">" in the first comparison and let me know how this works? > ...

[ace-bugs] Re: [tao-users] Failure using DIOP Protocol ... / CORBA client fails if diop:// is configured as an endpoint
Hi Michael, > Yes, for UDP I could not find out how to let the OS select a free > port - by default it uses always the same - which in the case of two > servers leads to a problem. Did you try to use ACE_Sock_Connect::bind_port()? This is supposed to let the OS select a free port on a particular handle! UV, if you're feeling adventureous you might seeing if you can make this work. > I had long discussions about this with network experts. The smallest > common demoninator we found to be working in our networks was 4k, > but we had also suggessful tests with larger sizes. Best is to > change the protocol plugin and test it in your environment - just > change the constant. Agreed! Thanks, Doug This is a multi-part message in MIME format. --------------090209010404050109030606 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii; format=flowed All right then, thanks a lot for the advice. I will use port numbers hashed from LAN IP numbers first and then try to sort out the ACE_Sock_Connect::bind_port() as the proper solution. I'll try my luck and report the results. Cheers, UV Douglas C. Schmidt wrote: >Hi Michael, > > > >>Yes, for UDP I could not find out how to let the OS select a free >>port - by default it uses always the same - which in the case of two >>servers leads to a problem. >> >> > >Did you...

RE: MIT Kerberos and Solaris 10 Kerberos #3
Thanks for the response. Please see inline... > In Solaris 10, all of the Kerberos services are already bundled, > there is no longer any external packages that need to be added. Right. > Whoever told you 'ksu' was part of the encryption kit was mistaken, > ksu has never been part of SEAM. OK, thanks for that clarification. It was a bit of a surprise to me when I was told it was there. So, does the Solaris 10 SEAM have any functionality similar to ksu, or just the standard su command? > The encryption kit for Solaris 10 enhances the overall crypto > capabilities of the system, the only benefit Kerberos gets is > that it can support AES-256 with the S10 encryption kit. > Without the S10 encryption kit, the strongest AES crypto > available for Kerberos in S10 is AES-128. And this fits more with what I understood, before my co-worker's comments. > On the S10 system, you must make sure to enable the "eklogin" service. > Run this command (as root): > > # svcadm enable eklogin Hmm. That may be a good part of my problem. I added the inetd.conf entry for the old (MIT) eklogin, and ran inetconv. So, this is probably really confusing the system. I'll try to revert that, and do the svcadm. > For Solaris 8 with the SEAM rlogin daemon, make sure your > inetd.conf entries > are correct. We don't actually run SEAM on any Sol8 systems; it's all MIT. > Don't bother with inetd.conf in S10, ...

Re: section 3.2 of protocol draft #3
>>>>> "Miek" == Miek Gieben <miekg@atoom.net> writes: >> A security-aware recursive name server MUST NOT attempt >> to answer a query by piecing together cached data it >> received in response to previous queries that requested >> different QNAMEs, QTYPEs, or QCLASSes. A security-aware >> recursive name server MUST NOT use NSEC RRs from one >> negative response to synthesize a response for a different >> query. A security-aware recursive name server MUST NOT use >> a pr...

Re: Save and Re-Use a File Equation #3
It unless you're a large organization with multiple check printing = sites, seems to me that a user should not be able to choose different = printers for checks anyway. (Usually I see a dedicated check printer = and that's all it does.) Instead of a menu driven job interface, don't users also have access to = stream static job files they cannot modify? Then you can write the job yourself and leave it in place for the users. Or is your system totally menu option driven? BT Tracy Johnson MSI Schaevitz Sensors=20 > -----Original Message----- > From: ...

Re: Using/Not using Mirroring to manage diferent accounts #3
Sounds very plausible to me. I can't see any flaws at all in your cunning plan. At 08:37 AM 2003-10-07, Andrew Cartledge wrote: >Can anyone see any flaws in my cunning plan. > >I have system that is mirrored. > >This holds both a production (live) account and a test account. > >The drawback, as I see it, is that for every n gig of disk I only really >have half of it really available. > >I am toying with the idea of adding some new disks but assigninging it to a >non mirrored volume set i.e. test_set. I will leave the live account on the &g...

RE: Re: how do you convert from hex to integer using SQL ? #3
Sebastian, Norma J. said: > > Rajib, > > I played with your sql: "select '0xa' + 0 from systables where tabid = > 1;" ... "It'll print the integer value of the hex" > > I ran this: > select tabname, partnum, > hex(partnum), ('0xa' + hex(partnum)) > from systables 0xa != 0 :o) > I get results like: > > tabname ebkpf (SAP table names...) > partnum 62914738 > (expression) 0x03C000B2 > (expression) 62914748.0000000 > > tabname syschecks > partnum 1048716 > (expression) 0x0010008C > (expression) 1048726.00000000 > > tabname syscoldepend > partnum 1048718 > (expression) 0x0010008E > (expression) 1048728.00000000 > > > Shouldn't the partnum and the second expression be equal based on your > suggestion, or am I doing something wrong? > Thanks, > Norma Jean > > > > -----Original Message----- > From: Rajib Sarkar <rsarkar@us.ibm.com> > To: darren.edgerton@reece.com.au > Date: Wed, 5 Jan 2005 13:00:28 -0700 > Subject: Re: how do you convert from hex to integer using SQL ? > > Its pretty simple actually ..:-) > u can try something like: > select '0xa' + 0 from systables where tabid = 1; > It'll print the integer value of the hex. U can substitute ur column > instead of the hard...

Web resources about - RE: kinit request on keytab fails using 2K3sp1 KDC #3 - comp.protocols.kerberos

Wikipedia:Admin coaching/Requests for Coaching - Wikipedia, the free encyclopedia
Are added to the current request list in date order, newest at the end . Coaches will contact people at or near the top of the list, with preference ...

Pope Francis never received request to meet Ballarat sex abuse victims, says Vatican
Child sex abuse survivors who flew to Rome to hear Cardinal George Pell give evidence to a royal commission say their request to meet the Pope ...

Pope Francis never received request to meet Ballarat sex abuse victims, says Vatican
Child sex abuse survivors who flew to Rome to hear Cardinal George Pell give evidence to a royal commission say their request to meet the Pope ...

Energy East Hearings To Go On After Quebec Court Smacks Down Suspension Request 23
But another court challenge is on its way. MONTREAL — A Quebec court has rejected a request by an environmental coalition to have hearings into ...

In new filing, DOJ says its request ‘invades no one’s privacy,’ Apple’s response is ‘corrosive’
The Department of Justice has today filed its latest response to Apple in their fight over unlocking the iPhone 5c used by one of the San Bernardino ...

Balloon Juice Bunker Standoff: The US Government Responds to Peter Santilli’s Request for Bail
Yesterday the US Attorneys in Oregon and Nevada responded to Peter Santilli’s request to get bail . Santilli’s argument is that he’s not a party ...

WFMU Fundraiser Marathon underway; Yo La Tengo playing requests in exchange for pledges this weekend
Hear Yo La Tengo play your favorite song or try to stump the band as part of the NJ independent radio station's annual pledge drive.

Google is seeing a huge surge in copyright takedown requests
Google is seeing a huge surge in companies asking it to remove copyrighted material from its search results. In the last week, copyright holders ...

Judge grants request to unseal Bobbi Kristina autopsy
WXIA-TV reports the judge will likely sign an unsealing order in the coming days

Google copyright takedown requests jump to 76 million in past month
The number of requests from copyright holders to get rid of links to allegedly infringing content has more than doubled compared to last year. ...

Resources last updated: 3/10/2016 10:24:28 PM