Re: kerberos
- From: Jason Woodward
- To: Tristan Lefebure
- Cc: cslug-l
- Subject: Re: kerberos
- Date: Mon, 1 Oct 2007 20:07:27 -0400

On Oct 1, 2007, at 5:21 PM, Tristan Lefebure wrote:
> Hi,
> I was wondering if one of you would have some experience with
> kerberos at Cornell. Basically:
> - How to obtain Kerberos credentials?

My /etc/krb5.conf (ubuntu 7.04 in case you're wondering) has the
following at the top:

    [libdefaults]
        default_realm = CIT.CORNELL.EDU

... the following at the beginning of the [realms] section:

    [realms]
        CIT.CORNELL.EDU = {
            kdc = kerberos.cit.cornell.edu
            admin_server = kerberos.cit.cornell.edu
            default_domain = cit.cornell.edu
        }

... the following at the beginning of the [domain_realm] section:

    [domain_realm]
        .cornell.edu = CIT.CORNELL.EDU
        cornell.edu = CIT.CORNELL.EDU

After that:
jdw@jdw-ubuntu:~$ kinit
Password for
:
jdw@jdw-ubuntu:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal:
Valid starting Expires Service principal
10/01/07 19:54:04 10/02/07 05:54:04 krbtgt/
renew until 10/02/07 19:54:04
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
jdw@jdw-ubuntu:~$

> - How to connect to a "Kerberized webDAV"?

Not sure what you mean by this. It could mean one of two things: a
WebDAV service which has been modified to use Cornell's proprietary
out-of-band kerberos ticket delivery mechanism called SideCar. If
this is the case you're out of luck - SideCar is Windows and PPC Mac
only.
It could also mean CIT's kerberos-proxying WebDAV proxy which,
without getting into how or why, accepts your NetID and password over
HTTP Basic (SSL secured, only) and acquires a kerberos ticket on your
behalf. If this is the case then you do nothing more than connect
to it with your regular NetID and password.
It could also mean several other things.

> - How to set up your email program, e.g. kmail, to use kerberos
> authentication?

Dunno, I use fetchmail. Good luck.
Jason
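
How a client would read the configuration quoted above, as an added example that is not part of the original message: it parses the three fragments and applies the [domain_realm] rule that a leading-dot entry covers hosts under a domain while a bare entry covers only that exact name, which is why the file lists both. The function names are hypothetical, and returning None for an unmapped host is a simplification of this sketch, not the Kerberos library's behaviour.

```python
import re

# The three krb5.conf fragments quoted in the message, joined into one file.
KRB5_CONF = """\
[libdefaults]
    default_realm = CIT.CORNELL.EDU
[realms]
    CIT.CORNELL.EDU = {
        kdc = kerberos.cit.cornell.edu
        admin_server = kerberos.cit.cornell.edu
        default_domain = cit.cornell.edu
    }
[domain_realm]
    .cornell.edu = CIT.CORNELL.EDU
    cornell.edu = CIT.CORNELL.EDU
"""

def parse_krb5_conf(text):
    """Parse the subset used above: [sections], key = value, one level of { }."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None:
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":
                block = section.setdefault(key, {})
            else:  # relations may repeat (e.g. several kdc lines), so keep a list
                (section if block is None else block).setdefault(key, []).append(value)
    return conf

def realm_for_host(conf, host):
    """Exact-host entry first, then each parent domain written with a leading dot."""
    mapping = {k.lower(): v[0] for k, v in conf.get("domain_realm", {}).items()}
    labels = host.lower().rstrip(".").split(".")
    candidates = [".".join(labels)] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((mapping[c] for c in candidates if c in mapping), None)

def kdcs_for_realm(conf, realm):
    return conf.get("realms", {}).get(realm, {}).get("kdc", [])

if __name__ == "__main__":
    conf = parse_krb5_conf(KRB5_CONF)
    for host in ("kerberos.cit.cornell.edu", "cornell.edu", "example.org"):  # last one is constructed
        realm = realm_for_host(conf, host)
        print(host, "->", realm, kdcs_for_realm(conf, realm) if realm else "no [domain_realm] match")
```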