fsfe-france
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fsfe-france] kerberos on fr.fsf.org

From: loic
Subject: [Fsfe-france] kerberos on fr.fsf.org
Date: Mon, 14 May 2001 22:41:23 +0200 
 > 
 > BTW, the fact that fr.fsf.org is behind NAT probably means that we
 > won't ever be able to use kerberos to connect to it, which I think is
 > kind of poor.

        Interesting question. Vincent (address@hidden) who designed
the network at Nevrax will be able to tell more. The setup of the "NAT"
is not like any other I know. 

        I did

apt-get install krb5-user

        and got

address@hidden:~$ kinit address@hidden
kinit(v5): Cannot resolve network address for KDC in requested realm while 
getting initial credentials
address@hidden:~$ 

        I'm not familiar enough with kerberos to figure out what's wrong.

        I installed /etc/krb5.conf with the following (probably old,
that's the one I got a year ago for my machine but it still works well
on another machine):

[libdefaults]
        default_realm = GNU.org
        default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

[realms]
        ATHENA.MIT.EDU = {
                kdc = kerberos.mit.edu:88
                kdc = kerberos-1.mit.edu:88
                kdc = kerberos-2.mit.edu:88
                kdc = kerberos-3.mit.edu:88
                admin_server = kerberos.mit.edu
                default_domain = mit.edu
        }
        MEDIA-LAB.MIT.EDU = {
                kdc = kerberos.media.mit.edu
                admin_server = kerberos.media.mit.edu
        }
        ZONE.MIT.EDU = {
                kdc = casio.mit.edu
                kdc = seiko.mit.edu
                admin_server = casio.mit.edu
        }
        MOOF.MIT.EDU = {
                kdc = three-headed-dogcow.mit.edu:88
                kdc = three-headed-dogcow-1.mit.edu:88
                admin_server = three-headed-dogcow.mit.edu
        }
        CYGNUS.COM = {
                kdc = KERBEROS.CYGNUS.COM
                kdc = KERBEROS-1.CYGNUS.COM
                admin_server = KERBEROS.CYGNUS.COM
        }
        GREY17.ORG = {
                kdc = kerberos.grey17.org
                admin_server = kerberos.grey17.org
        }
        IHTFP.ORG = {
                kdc = kerberos.ihtfp.org
                admin_server = kerberos.ihtfp.org
        }
        GNU.ORG = {
                kdc = kerberos.gnu.org
                kdc = kerberos-2.gnu.org
                kdc = kerberos-3.gnu.org
                admin_server = kerberos.gnu.org
        }
        1TS.ORG = {
                kdc = kerberos.1ts.org
                admin_server = kerberos.1ts.org
        }
        GRATUITOUS.ORG = {
                kdc = kerberos.gratuitous.org
                admin_server = kerberos.gratuitous.org
        }
        DOOMCOM.ORG = {
                kdc = kerberos.doomcom.org
                admin_server = kerberos.doomcom.org
        }

[domain_realm]
        .mit.edu = ATHENA.MIT.EDU
        mit.edu = ATHENA.MIT.EDU
        .media.mit.edu = MEDIA-LAB.MIT.EDU
        media.mit.edu = MEDIA-LAB.MIT.EDU
        .whoi.edu = ATHENA.MIT.EDU
        whoi.edu = ATHENA.MIT.EDU

[login]
        krb4_convert = true
        krb4_get_tickets = true
reply via email to
[Prev in Thread] Current Thread [Next in Thread]