using UPN to auth

Terry td3201 at gmail.com
Thu Mar 13 22:32:36 EDT 2008


Disregard, compiles fine.  I manually entered the patch and had to
modify the Makefile to include /usr/include/kerberosIV to find krb.h.
Works great.  :)   VERY good work and thank you.

On Thu, Mar 13, 2008 at 8:59 PM, Terry <td3201 at gmail.com> wrote:
> I am not sure if this is too much off topic to be on the list, please
>  remove the list in your reply if it is but it might be helpful for
>  others.  The patch is failing for me.  I just downloaded 5.3 source of
>  mod_auth_kerb and tried applying the patch:
>
>  [root at omajelut03 src]# patch -p0 <patch
>  patching file mod_auth_kerb.c
>  Hunk #1 FAILED at 679.
>  Hunk #2 FAILED at 899.
>  Hunk #3 FAILED at 954.
>  3 out of 3 hunks FAILED -- saving rejects to file mod_auth_kerb.c.rej
>
>  I really appreciate your diligence.
>
>
>
>  On Thu, Mar 13, 2008 at 3:55 PM, Markus Moeller <huaraz at moeller.plus.com> wrote:
>  > Oops it wasn't my final patch version. It is for mod_auth_kerb 5.3. Also you
>  >  don't need to escape the @.
>  >
>  >  Sorry
>  >  Markus
>  >
>  >  --- mod_auth_kerb.c     2008-03-13 20:51:38.000000000 +0000
>  >  +++ mod_auth_kerb.c.new 2008-03-13 20:51:19.000000000 +0000
>  >
>  > @@ -679,6 +679,13 @@
>  >     if (ret == 0) {
>  >        log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
>  >                  "Trying to get TGT for user %s", name);
>  >  +      if (!strstr(name, "\\\\@")) {
>  >  +#ifdef HEIMDAL
>  >  +         principal->name.name_type=10;
>  >  +#else
>  >  +         principal->type=10;
>  >  +#endif
>  >  +      }
>  >        free(name);
>  >     }
>  >
>  >  @@ -892,6 +899,7 @@
>  >     char            *name = NULL;
>  >     int             all_principals_unkown;
>  >     char            *p = NULL;
>  >  +   char            *q = NULL;
>  >
>  >     code = krb5_init_context(&kcontext);
>  >     if (code) {
>  >  @@ -946,9 +954,21 @@
>  >
>  >        *p++ = '\0';
>  >        if (conf->krb_auth_realms && !ap_find_token(r->pool,
>  >  conf->krb_auth_realms, p)) {
>  >          log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
>  >  -                   "Specified realm `%s' not allowed by configuration", p);
>  >  -         ret = HTTP_UNAUTHORIZED;
>  >  -         goto end;
>  >  +                    "Specified realm `%s' is not defined by configuration
>  >  assume it is an email addess", p);
>  >  +
>  >  +         q=apr_psprintf(r->pool, "%s\\@%s", sent_name, p);
>  >  +         sent_name = apr_pstrdup (r->pool, q);
>  >
>  > +         p = strchr(p, '@');
>  >  +         if (p) {
>  >  +            *p++ = '\0';
>  >  +            if (conf->krb_auth_realms && !ap_find_token(r->pool,
>  >  conf->krb_auth_realms, p)  ) {
>  >  +               log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
>  >  +                          "Specified realm `%s' not allowed by
>  >  configuration", p);
>  >  +
>  >  +               ret = HTTP_UNAUTHORIZED;
>  >  +               goto end;
>  >  +            }
>  >  +         }
>  >        }
>  >     }
>  >
>  >
>  >
>  >  "Terry" <td3201 at gmail.com> wrote in message
>  >  news:8ee061010803130850i1571e314k35b30617ad92d2f9 at mail.gmail.com...
>  >
>  >
>  > > Thanks a lot for the patch.  What version did you apply this patch to?
>  >  > I was able to get it to compile but it dumps when I authenticate via
>  >  > apache:
>  >  >
>  >  > [Thu Mar 13 10:47:42 2008] [error] [client 192.168.100.103] Specified
>  >  > realm `foobar.com' is not defined by configuration assume it is an
>  >  > email addess
>  >  > *** glibc detected *** /usr/sbin/httpd: munmap_chunk(): invalid
>  >  > pointer: 0x000055555beafd90 ***
>  >  > ======= Backtrace: =========
>  >  >
>  >  > Here are some more details:
>  >  > realm == foobar.hms
>  >  > email == jdoe at foobar.com
>  >  >
>  >  >
>  >  > Thanks!
>  >  >
>  >  > On Wed, Mar 12, 2008 at 3:30 PM, Markus Moeller <huaraz at moeller.plus.com>
>  >  > wrote:
>  >  >> OK Here is a patch I did some time ago for mod_auth_kerb, but you need to
>  >  >>  escape the @ .e.g. user\@mailaddress.com
>  >  >>
>  >  >>
>  >  >>  Markus
>  >  >>
>  >  >>
>  >  >>  --- mod_auth_kerb.c 2007-12-22 14:03:26.000000000 +0000
>  >  >>  +++ mod_auth_kerb.c.new 2008-03-12 20:19:42.000000000 +0000
>  >  >>  @@ -679,6 +679,13 @@
>  >  >>     if (ret == 0) {
>  >  >>        log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
>  >  >>            "Trying to get TGT for user %s", name);
>  >  >>  +      if (!strstr(name, "\\@")) {
>  >  >>  +#ifdef HEIMDAL
>  >  >>  +         principal->name.name_type=10;
>  >  >>  +#else
>  >  >>  +         principal->type=10;
>  >  >>  +#endif
>  >  >>  +      }
>  >  >>        free(name);
>  >  >>     }
>  >  >>
>  >  >>  @@ -892,6 +899,7 @@
>  >  >>     char            *name = NULL;
>  >  >>     int             all_principals_unkown;
>  >  >>     char            *p = NULL;
>  >  >>  +   char            *q = NULL;
>  >  >>
>  >  >>
>  >  >>     code = krb5_init_context(&kcontext);
>  >  >>     if (code) {
>  >  >>  @@ -946,9 +954,22 @@
>  >  >>        *p++ = '\0';
>  >  >>        if (conf->krb_auth_realms && !ap_find_token(r->pool,
>  >  >>  conf->krb_auth_realms, p)) {
>  >  >>    log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
>  >  >>  -             "Specified realm `%s' not allowed by configuration", p);
>  >  >>  -         ret = HTTP_UNAUTHORIZED;
>  >  >>  -         goto end;
>  >  >>  +                    "Specified realm `%s' is not defined by
>  >  >> configuration
>  >  >>  assume it is an email addess", p);
>  >  >>  +
>  >  >>  +         q=apr_psprintf(r->pool, "%s\\@%s", sent_name, p);
>  >  >>  +         sent_name = apr_pstrdup (r->pool, q);
>  >  >>  +         free(q);
>  >  >>  +         p = strchr(p, '@');
>  >  >>  +         if (p) {
>  >  >>  +            *p++ = '\0';
>  >  >>  +            if (conf->krb_auth_realms && !ap_find_token(r->pool,
>  >  >>  conf->krb_auth_realms, p)) {
>  >  >>  +               log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
>  >  >>  +                          "Specified realm `%s' not allowed by
>  >  >>  configuration", p);
>  >  >>  +
>  >  >>  +               ret = HTTP_UNAUTHORIZED;
>  >  >>  +               goto end;
>  >  >>  +            }
>  >  >>  +         }
>  >  >>
>  >  >>        }
>  >  >>     }
>  >  >>
>  >  >>
>  >  >>
>  >  >>
>  >  >>  "Terry" <td3201 at gmail.com> wrote in message
>  >  >>  news:8ee061010803121254ra78c99fw402b152bfc15951b at mail.gmail.com...
>  >  >>
>  >  >>
>  >  >> > Man, this is a mess.  Not sure I want to dig this deep into the
>  >  >> > problem.
>  >  >>  >
>  >  >>  > On Wed, Mar 12, 2008 at 2:09 PM, Markus Moeller
>  >  >> <huaraz at moeller.plus.com>
>  >  >>  > wrote:
>  >  >>  >> Yes you need to modify mod_auth_kerb. One thing you need to aware of
>  >  >> is
>  >  >>  >>  that the determination of the realm id more difficult as the email
>  >  >>  >> address
>  >  >>  >>  uses @ and the REALM starts with @.
>  >  >>  >>
>  >  >>  >>  Markus
>  >  >>  >>
>  >  >>  >>  Source inserted below:
>  >  >>  >>
>  >  >>  >>   #include <stdio.h>
>  >  >>  >>  #include <stdlib.h>
>  >  >>  >>  #include <string.h>
>  >  >>  >>  #include <krb5.h>
>  >  >>  >>  #define REALM "WIN2003R2.HOME"
>  >  >>  >>  #define      KDC_OPT_CANONICALIZE 0x00010000
>  >  >>  >>  int main(int argc, char *argv[], char **envp) {
>  >  >>  >>     char*  program_name=NULL;
>  >  >>  >>     char*  principal_name=NULL;
>  >  >>  >>     char*  realm_name=NULL;
>  >  >>  >>
>  >  >>  >>     krb5_context        kcontext;
>  >  >>  >>     krb5_principal      kprincipal;
>  >  >>  >>     krb5_ccache         kccache;
>  >  >>  >>     krb5_error_code     code=0;
>  >  >>  >>     krb5_creds   my_creds;
>  >  >>  >>     krb5_get_init_creds_opt options;
>  >  >>  >>
>  >  >>  >>     int          i;
>  >  >>  >>
>  >  >>  >>
>  >  >>  >>     program_name = argv[0];
>  >  >>  >>     if (argc <= 1)
>  >  >>  >>         exit(-1);
>  >  >>  >>     if (argc > 1)
>  >  >>  >>   principal_name=argv[1];
>  >  >>  >>
>  >  >>  >>     code = krb5_init_context(&kcontext);
>  >  >>  >>     if (code) {
>  >  >>  >>         com_err(program_name, code, "while initializing Kerberos 5
>  >  >>  >>  library");
>  >  >>  >>         exit(-2);
>  >  >>  >>     }
>  >  >>  >>     if ((code = krb5_cc_default(kcontext, &kccache))) {
>  >  >>  >>   com_err(program_name, code, "while getting default ccache");
>  >  >>  >>   exit(-3);
>  >  >>  >>     }
>  >  >>  >>
>  >  >>  >>     krb5_get_init_creds_opt_init(&options);
>  >  >>  >>     memset(&my_creds, 0, sizeof(my_creds));
>  >  >>  >>
>  >  >>  >>     if ( argc <= 2 ) {
>  >  >>  >>  /*
>  >  >>  >>   *  No realm give on command line use predefined realm
>  >  >>  >>   */
>  >  >>  >>   realm_name=strdup(REALM);
>  >  >>  >>   if (strchr(principal_name,'@')){
>  >  >>  >>  /*
>  >  >>  >>   *  email address as principal name
>  >  >>  >>   */
>  >  >>  >>      char* enterprisename;
>  >  >>  >>      char* p;
>  >  >>  >>
>  >  >>  >> enterprisename=malloc(strlen(principal_name)+2+strlen(realm_name)+1);
>  >  >>  >>      strcpy(enterprisename,principal_name);
>  >  >>  >>      p=strchr(enterprisename,'@');
>  >  >>  >>      *p='\\';
>  >  >>  >>      *p++='\\';
>  >  >>  >>      *p++='\0';
>  >  >>  >>      strcat(enterprisename,strchr(principal_name,'@'));
>  >  >>  >>             strcat(enterprisename,"@");
>  >  >>  >>             strcat(enterprisename,realm_name);
>  >  >>  >>      if ((code = krb5_parse_name(kcontext, enterprisename,
>  >  >>  >>      &kprincipal))) {
>  >  >>  >>   com_err(program_name, code, "when parsing name %s",
>  >  >>  >>    enterprisename);
>  >  >>  >>   if (enterprisename)
>  >  >>  >>       free(enterprisename);
>  >  >>  >>   exit(1);
>  >  >>  >>      }
>  >  >>  >>      if (enterprisename)
>  >  >>  >>   free(enterprisename);
>  >  >>  >>  #ifdef HEIMDAL
>  >  >>  >>                 kprincipal->name.name_type=10;
>  >  >>  >>  #else
>  >  >>  >>                 kprincipal->type=10;
>  >  >>  >>  #endif
>  >  >>  >>
>  >  >>  >>   }
>  >  >>  >>   else
>  >  >>  >>   {
>  >  >>  >>  /*
>  >  >>  >>   *  No email address as principal name
>  >  >>  >>   */
>  >  >>  >>             char* principal_realm_name;
>  >  >>  >>
>  >  >>  >>
>  >  >> principal_realm_name=malloc(strlen(principal_name)+strlen(realm_name)+1);
>  >  >>  >>      strcpy(principal_realm_name,principal_name);
>  >  >>  >>             strcat(principal_realm_name,"@");
>  >  >>  >>             strcat(principal_realm_name,realm_name);
>  >  >>  >>      if ((code = krb5_parse_name(kcontext, principal_realm_name,
>  >  >>  >>      &kprincipal))) {
>  >  >>  >>   com_err(program_name, code, "when parsing name %s",
>  >  >>  >>    principal_realm_name);
>  >  >>  >>   exit(1);
>  >  >>  >>      }
>  >  >>  >>      if (principal_realm_name)
>  >  >>  >>   free(principal_realm_name);
>  >  >>  >>   }
>  >  >>  >>  /*
>  >  >>  >>   *  Get TGT
>  >  >>  >>   */
>  >  >>  >>         code = krb5_get_init_creds_password(kcontext, &my_creds,
>  >  >>  >> kprincipal,
>  >  >>  >>                                             0, krb5_prompter_posix,
>  >  >> 0,
>  >  >>  >>                                             0,
>  >  >>  >>                                             0,
>  >  >>  >>                                             &options);
>  >  >>  >>
>  >  >>  >>   if (code) {
>  >  >>  >>      if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
>  >  >>  >>   fprintf(stderr, "%s: Password incorrect while getting initial
>  >  >>  >>  credentials\n", program_name);
>  >  >>  >>      else
>  >  >>  >>   com_err(program_name, code, "while getting initial credentials");
>  >  >>  >>      krb5_free_cred_contents(kcontext, &my_creds);
>  >  >>  >>      exit(999);
>  >  >>  >>   }
>  >  >>  >>   code = krb5_cc_initialize(kcontext, kccache, kprincipal);
>  >  >>  >>   if (code) {
>  >  >>  >>      com_err(program_name, code, "when initializing cache");
>  >  >>  >>      krb5_free_cred_contents(kcontext, &my_creds);
>  >  >>  >>      exit(999);
>  >  >>  >>   }
>  >  >>  >>
>  >  >>  >>   code = krb5_cc_store_cred(kcontext, kccache, &my_creds);
>  >  >>  >>   if (code) {
>  >  >>  >>      com_err(program_name, code, "while storing credentials");
>  >  >>  >>      krb5_free_cred_contents(kcontext, &my_creds);
>  >  >>  >>      exit(999);
>  >  >>  >>   }
>  >  >>  >>  /*
>  >  >>  >>   *   Successful
>  >  >>  >>   */
>  >  >>  >>   krb5_free_cred_contents(kcontext, &my_creds);
>  >  >>  >>   exit(0);
>  >  >>  >>     }
>  >  >>  >>     else
>  >  >>  >>     {
>  >  >>  >>  /*
>  >  >>  >>   *  realms are given on command line loop over them
>  >  >>  >>   */
>  >  >>  >>   for (i=0;i<=argc-2;i++){
>  >  >>  >>      realm_name=argv[2+i];
>  >  >>  >>      if (strchr(principal_name,'@')){
>  >  >>  >>  /*
>  >  >>  >>   *  email address as principal name
>  >  >>  >>   */
>  >  >>  >>   char* enterprisename;
>  >  >>  >>   char* p;
>  >  >>  >>
>  >  >> enterprisename=malloc(strlen(principal_name)+2+strlen(realm_name)+1);
>  >  >>  >>   strcpy(enterprisename,principal_name);
>  >  >>  >>   p=strchr(enterprisename,'@');
>  >  >>  >>   *p='\\';
>  >  >>  >>   *p++='\\';
>  >  >>  >>   *p++='\0';
>  >  >>  >>   strcat(enterprisename,strchr(principal_name,'@'));
>  >  >>  >>                 strcat(enterprisename,"@");
>  >  >>  >>                 strcat(enterprisename,realm_name);
>  >  >>  >>   if ((code = krb5_parse_name(kcontext, enterprisename,
>  >  >>  >>          &kprincipal))) {
>  >  >>  >>       com_err(program_name, code, "when parsing name %s",
>  >  >>  >>        enterprisename);
>  >  >>  >>       if (enterprisename)
>  >  >>  >>    free(enterprisename);
>  >  >>  >>       exit(1);
>  >  >>  >>   }
>  >  >>  >>   if (enterprisename)
>  >  >>  >>       free(enterprisename);
>  >  >>  >>  #ifdef HEIMDAL
>  >  >>  >>                 kprincipal->name.name_type=10;
>  >  >>  >>  #else
>  >  >>  >>                 kprincipal->type=10;
>  >  >>  >>  #endif
>  >  >>  >>
>  >  >>  >>      }
>  >  >>  >>      else
>  >  >>  >>      {
>  >  >>  >>  /*
>  >  >>  >>   *  No email address as principal name
>  >  >>  >>   */
>  >  >>  >>   char* principal_realm_name;
>  >  >>  >>
>  >  >>  >>
>  >  >> principal_realm_name=malloc(strlen(principal_name)+strlen(realm_name)+1);
>  >  >>  >>   strcpy(principal_realm_name,principal_name);
>  >  >>  >>   strcat(principal_realm_name,"@");
>  >  >>  >>   strcat(principal_realm_name,realm_name);
>  >  >>  >>   if ((code = krb5_parse_name(kcontext, principal_realm_name,
>  >  >>  >>          &kprincipal))) {
>  >  >>  >>       com_err(program_name, code, "when parsing name %s",
>  >  >>  >>        principal_realm_name);
>  >  >>  >>       exit(1);
>  >  >>  >>   }
>  >  >>  >>   if (principal_realm_name)
>  >  >>  >>       free(principal_realm_name);
>  >  >>  >>
>  >  >>  >>      }
>  >  >>  >>      code = krb5_get_init_creds_password(kcontext, &my_creds,
>  >  >> kprincipal,
>  >  >>  >>       0, krb5_prompter_posix, 0,
>  >  >>  >>       0,
>  >  >>  >>       0,
>  >  >>  >>       &options);
>  >  >>  >>      if (code) {
>  >  >>  >>   if (code == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN || code ==
>  >  >>  >> KRB5_REALM_UNKNOWN)
>  >  >>  >>  /*
>  >  >>  >>   *  Principal unknown in this realm try next
>  >  >>  >>   */
>  >  >>  >>                     continue;
>  >  >>  >>   else if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
>  >  >>  >>       fprintf(stderr, "%s: Password incorrect while getting initial
>  >  >>  >>  credentials\n", program_name);
>  >  >>  >>   else
>  >  >>  >>       com_err(program_name, code, "while getting initial
>  >  >> credentials");
>  >  >>  >>   krb5_free_cred_contents(kcontext, &my_creds);
>  >  >>  >>   exit(999);
>  >  >>  >>      } else {
>  >  >>  >>   code = krb5_cc_initialize(kcontext, kccache, kprincipal);
>  >  >>  >>   if (code) {
>  >  >>  >>       com_err(program_name, code, "when initializing cache");
>  >  >>  >>       krb5_free_cred_contents(kcontext, &my_creds);
>  >  >>  >>       exit(999);
>  >  >>  >>   }
>  >  >>  >>
>  >  >>  >>   code = krb5_cc_store_cred(kcontext, kccache, &my_creds);
>  >  >>  >>   if (code) {
>  >  >>  >>       com_err(program_name, code, "while storing credentials");
>  >  >>  >>       krb5_free_cred_contents(kcontext, &my_creds);
>  >  >>  >>       exit(999);
>  >  >>  >>   }
>  >  >>  >>  /*
>  >  >>  >>   *   Successful
>  >  >>  >>   */
>  >  >>  >>   krb5_free_cred_contents(kcontext, &my_creds);
>  >  >>  >>   exit(0);
>  >  >>  >>      }
>  >  >>  >>
>  >  >>  >>   }
>  >  >>  >>   if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
>  >  >>  >>      fprintf(stderr, "%s: Password incorrect while getting initial
>  >  >>  >>  credentials\n", program_name);
>  >  >>  >>   else
>  >  >>  >>      com_err(program_name, code, "while getting initial
>  >  >> credentials");
>  >  >>  >>   krb5_free_cred_contents(kcontext, &my_creds);
>  >  >>  >>   exit(999);
>  >  >>  >>     }
>  >  >>  >>     krb5_free_cred_contents(kcontext, &my_creds);
>  >  >>  >>     exit(-999);
>  >  >>  >>
>  >  >>  >> }
>  >  >>  >>
>  >  >>  >>
>  >  >>  >>
>  >  >>  >>  "Terry" <td3201 at gmail.com> wrote in message
>  >  >>  >>  news:mailman.33.1205339252.3372.kerberos at mit.edu...
>  >  >>  >>
>  >  >>  >> >I am not sure if this matters but the end result is to use
>  >  >>  >>  > mod_auth_kerb to authenticate users.  You are saying I need to
>  >  >>  >>  > recompile it to use type 10 (enterprise name type)?  I might be
>  >  >> able
>  >  >>  >>  > to figure that out.  :)
>  >  >>  >>  >
>  >  >>  >>  >
>  >  >>  >>  >
>  >  >>  >>
>  >  >>  >> > On Tue, Mar 11, 2008 at 7:32 PM, Markus Moeller
>  >  >>  >> > <huaraz at moeller.plus.com>
>  >  >>  >>  > wrote:
>  >  >>  >>
>  >  >>  >>
>  >  >>  >> >> You need a modified kinit which sets the principal type  to 10
>  >  >>  >>  >> (enterprise
>  >  >>  >>  >>  name type). Windows will then use the UPN instead of the
>  >  >>  >> samaccountname
>  >  >>  >>  >> to
>  >  >>  >>  >>  authenticate. (See attached sample mkinit.c)
>  >  >>  >>  >>
>  >  >>  >>  >>  Markus.
>  >  >>  >>  >>
>  >  >>  >>  >>  BTW If your client support client canonicalisation you can
>  >  >>  >> authenticate
>  >  >>  >>  >> as
>  >  >>  >>  >>  jdoe at domain.com but get a ticket for samaccountname.
>  >  >>  >>  >>
>  >  >>  >>  >>  "Terry" <td3201 at gmail.com> wrote in message
>  >  >>  >>  >>
>  >  >> news:8ee061010803111146g3d5b36b2rd5e22be1d3961073 at mail.gmail.com...
>  >  >>  >>  >>
>  >  >>  >>  >>
>  >  >>  >>  >> > Hello,
>  >  >>  >>  >>  >
>  >  >>  >>  >>  > I am very new to this.  I have a FQDN in AD set to domain.foo.
>  >  >>  >> The
>  >  >>  >>  >>  > UPN of a user is jdoe at domain.com.  (note the difference
>  >  >> between
>  >  >>  >> foo
>  >  >>  >>  >>  > and com).
>  >  >>  >>  >>  >
>  >  >>  >>  >>  > How can I authenticate with jdoe at domain.com?  I am able to
>  >  >> auth
>  >  >>  >>  >>  > correctly with the sAMAccountName.
>  >  >>  >>  >>  >
>  >  >>  >>  >>  > Thanks!
>  >  >>  >>  >>  > ________________________________________________
>  >  >>  >>  >>  > Kerberos mailing list           Kerberos at mit.edu
>  >  >>  >>  >>  > https://mailman.mit.edu/mailman/listinfo/kerberos
>  >  >>  >>  >>  >
>  >  >>  >>  >>
>  >  >>  >>  >> ________________________________________________
>  >  >>  >>  >>  Kerberos mailing list           Kerberos at mit.edu
>  >  >>  >>  >>  https://mailman.mit.edu/mailman/listinfo/kerberos
>  >  >>  >>  >>
>  >  >>  >>  >>
>  >  >>  >>
>  >  >>  >>  ________________________________________________
>  >  >>  >>  Kerberos mailing list           Kerberos at mit.edu
>  >  >>  >>  https://mailman.mit.edu/mailman/listinfo/kerberos
>  >  >>  >>
>  >  >>  > ________________________________________________
>  >  >>  > Kerberos mailing list           Kerberos at mit.edu
>  >  >>  > https://mailman.mit.edu/mailman/listinfo/kerberos
>  >  >>  >
>  >  >>
>  >  >>
>  >  >>  ________________________________________________
>  >  >>  Kerberos mailing list           Kerberos at mit.edu
>  >  >>  https://mailman.mit.edu/mailman/listinfo/kerberos
>  >  >>
>  >  > ________________________________________________
>  >  > Kerberos mailing list           Kerberos at mit.edu
>  >  > https://mailman.mit.edu/mailman/listinfo/kerberos
>  >  >
>  >
>  >
>  >  ________________________________________________
>  >  Kerberos mailing list           Kerberos at mit.edu
>  >  https://mailman.mit.edu/mailman/listinfo/kerberos
>  >
>



More information about the Kerberos mailing list