How does gsscred work?

carcassone_fr@yahoo.com carcassone_fr at yahoo.com
Mon Jul 8 17:49:35 EDT 2002 

So one should not expect KDC output when running "gsscred -a"?

Nicolas.Williams at ubsw.com wrote in message news:<17D3D857B26112409EA372EB0AFE39DD125F37 at NSTMC005PEX1.ubsgs.ubsgroup.net>...
> The gsscred command makes GSS/Kerberos names out of usernames.
> That's all it does.
> 
> So what could there be for the KDC to do for gsscred? Principal
> name validation? A principal name might be valid one moment,
> and later not (e.g., a user might be fired/layed off or quit
> soon after you create a gsscred db entry for her), so that's
> not really useful (principal name "validation" is really done
> during GSS context setup).
> 
> Cheers,
> 
> Nico
> -- 
> 
> > -----Original Message-----
> > From: carcassone_fr at yahoo.com [mailto:carcassone_fr at yahoo.com]
> > Sent: Friday, July 05, 2002 2:04 PM
> > To: kerberos at mit.edu
> > Subject: How does gsscred work?
> > 
> > 
> > I have install a KDC on a Solaris machine which will act as the
> > server.  My client machine is a HP-UX.  I got gss-server (Solaris) and
> > gss-client (Solaris and HP-UX) working without any problems.
> > 
> > Then I ported gsscred on HP-UX.  The utility executed without any
> > errors and generated gsscred_db for the Kerberos mechanism.  However,
> > I don't see any output from KDC log file when gsscred is executed. 
> > Shouldn't gsscred be talking to the KDC?
> > 
> > How about gssd?  Which services/principals are gsscred/gssd utilizing
> > when going over to the KDC?
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > http://mailman.mit.edu/mailman/listinfo/kerberos
> > 
> 
> Visit our website at http://www.ubswarburg.com
> 
> This message contains confidential information and is intended only 
> for the individual named.  If you are not the named addressee you 
> should not disseminate, distribute or copy this e-mail.  Please 
> notify the sender immediately by e-mail if you have received this 
> e-mail by mistake and delete this e-mail from your system.
> 
> E-mail transmission cannot be guaranteed to be secure or error-free 
> as information could be intercepted, corrupted, lost, destroyed, 
> arrive late or incomplete, or contain viruses.  The sender therefore 
> does not accept liability for any errors or omissions in the contents 
> of this message which arise as a result of e-mail transmission.  If 
> verification is required please request a hard-copy version.  This 
> message is provided for informational purposes and should not be 
> construed as a solicitation or offer to buy or sell any securities or 
> related financial instruments.
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos

More information about the Kerberos mailing list