kerberos
|
View:
New views
5 Messages
—
Rating Filter:
Alert me
|
 |
kerberos
by Bruce Smith-11
::
Rate this Message:
I'm trying to join a DL 1.3 box to an AD domain for the first time and
my first impression was DL doesn't contain kerberos since none of the commands are in the default $PATH. Then I found that the binaries are in /usr/bin/krb5/ and /usr/sbin/krb5/. On Ubuntu and CentOS (and probably others), the kerberos binaries reside in /usr/[s]bin/. Why does DL have them in their own directories? Is it because a few kerberos'ied binaries conflict with their regular counterparts (ftp, telnet, rcp, rlogin, rsh)?. Should we move (or link?) the rest of the krb5 binaries into the regular /usr/[s]bin/ PATH? On a side note, I remember Heiko replying to people who ask about telnetd in DL; it's not included because it's not secure. The correct answer is the kerberos'ized telnetd is here: /usr/sbin/krb5/telnetd, which does unencrypted plain text logins too (just tested it). ;-) - BS ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Devil-linux-discuss mailing list Devil-linux-discuss@... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
|
Re: kerberos
by Heiko Zuerker
::
Rate this Message:
Quoting Bruce Smith <bws@...>:
> I'm trying to join a DL 1.3 box to an AD domain for the first time and > my first impression was DL doesn't contain kerberos since none of the > commands are in the default $PATH. Then I found that the binaries are > in /usr/bin/krb5/ and /usr/sbin/krb5/. > > On Ubuntu and CentOS (and probably others), the kerberos binaries > reside in /usr/[s]bin/. Why does DL have them in their own > directories? > > Is it because a few kerberos'ied binaries conflict with their regular > counterparts (ftp, telnet, rcp, rlogin, rsh)?. Should we move (or > link?) the rest of the krb5 binaries into the regular /usr/[s]bin/ > PATH? Yes you're correct, back when we added it, the krb5 files caused some conflicts since they overwrote other binaries. We could try your suggestion. > > On a side note, I remember Heiko replying to people who ask about > telnetd in DL; it's not included because it's not secure. The > correct answer is the kerberos'ized telnetd is here: > /usr/sbin/krb5/telnetd, which does unencrypted plain text logins too > (just tested it). ;-) Oops. ;-) -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Devil-linux-discuss mailing list Devil-linux-discuss@... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
|
Re: kerberos
by Bruce Smith-11
::
Rate this Message:
>> I'm trying to join a DL 1.3 box to an AD domain for the first time and
>> my first impression was DL doesn't contain kerberos since none of the >> commands are in the default $PATH. Then I found that the binaries are >> in /usr/bin/krb5/ and /usr/sbin/krb5/. >> >> On Ubuntu and CentOS (and probably others), the kerberos binaries >> reside in /usr/[s]bin/. Why does DL have them in their own >> directories? >> >> Is it because a few kerberos'ied binaries conflict with their regular >> counterparts (ftp, telnet, rcp, rlogin, rsh)?. Should we move (or >> link?) the rest of the krb5 binaries into the regular /usr/[s]bin/ >> PATH? > > Yes you're correct, back when we added it, the krb5 files caused some > conflicts since they overwrote other binaries. > We could try your suggestion. Is there any reason not to allow krb5 to just overwrite the binaries? The krb5 version of the binaries should do everything the regular binaries do, plus kerberos authentication. - BS ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Devil-linux-discuss mailing list Devil-linux-discuss@... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
|
Re: kerberos
by Heiko Zuerker
::
Rate this Message:
Quoting Bruce Smith <bws@...>:
>>> I'm trying to join a DL 1.3 box to an AD domain for the first time and >>> my first impression was DL doesn't contain kerberos since none of the >>> commands are in the default $PATH. Then I found that the binaries are >>> in /usr/bin/krb5/ and /usr/sbin/krb5/. >>> >>> On Ubuntu and CentOS (and probably others), the kerberos binaries >>> reside in /usr/[s]bin/. Why does DL have them in their own >>> directories? >>> >>> Is it because a few kerberos'ied binaries conflict with their regular >>> counterparts (ftp, telnet, rcp, rlogin, rsh)?. Should we move (or >>> link?) the rest of the krb5 binaries into the regular /usr/[s]bin/ >>> PATH? >> >> Yes you're correct, back when we added it, the krb5 files caused some >> conflicts since they overwrote other binaries. >> We could try your suggestion. > > Is there any reason not to allow krb5 to just overwrite the binaries? > > The krb5 version of the binaries should do everything the regular > binaries do, plus kerberos authentication. Go through the archives, there was a reason why we did it this way. -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Devil-linux-discuss mailing list Devil-linux-discuss@... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
|
Re: kerberos
by Bruce Smith-11
::
Rate this Message:
>> Is there any reason not to allow krb5 to just overwrite the binaries?
>> >> The krb5 version of the binaries should do everything the regular >> binaries do, plus kerberos authentication. > > Go through the archives, there was a reason why we did it this way. I'll try adding the krb5 directories to my $PATH and see if that works first. But my project won't work with DL anyway since I need CUPS. So it may be awhile ... - BS ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Devil-linux-discuss mailing list Devil-linux-discuss@... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
| Free Forum Powered by Nabble | Forum Help |