krbPrincipalName not creating principal in kerberos

From: keerthik...@gmail.com (keerthi krishnan)
Newsgroups: comp.protocols.kerberos
Subject: krbPrincipalName not creating principal in kerberos
Date: Thu, 3 Feb 2022 11:28:01 +0530
Organization: TNet Consulting
Lines: 57
Message-ID: <mailman.21.1643870857.8148.kerberos@mit.edu>
References: <CADcZyQT3=-Vcgi-Fr+hUafazaEYbSJvtNvh17aNgdGQ0PYmHtA@mail.gmail.com>
To: kerberos@mit.edu
 by: keerthi krishnan - Thu, 3 Feb 2022 05:58 UTC

Hi Team,

I have ldap setup and kerberos setup.

Requirement:

1. We have a list of users in ironport ldap and want to sync a particular group
cn to kerberos, and its password, so that both ldap and kerberos will have the
same password.
2. I want to create a user object in ldap with multiple user aliases, like
uid=alice, krbPrincipalAliases: alice/admin@DOMAIN.COM
krbPrincipalName: alice/admin@DOMAIN.COM

Achieved:
1. I have compiled the smbkrb5passwd module to sync the user and its password from
ldap to kerberos. Here the uid is created as the principal in kerberos.

Not working.

I have added user data like this
++++
dn: uid=wilf,ou=people,dc=domain,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: krbprincipalaux
objectClass: krbTicketPolicyAux
uid: wilf
cn: wilf/admin
sn: Fernandz
loginShell: /bin/bash
uidNumber: 10003
gidNumber: 10003
homeDirectory: /home/wilf
shadowMax: 60
shadowMin: 1
shadowWarning: 7
shadowInactive: 7
shadowLastChange: 0
krbPrincipalAliases: wilf/admin@DOMAINCOM
krbPrincipalName: wilf/admin@DOMAIN.COM
++++

But in kerberos, the principal is created as wilf@DOMAIN.COM, but
krbPrincipalAliases is not created as a principal.

I even tried creating this user wilf/admin@DOMAINCOM in kerberos manually
and tried changing the password for uid wilf, but the alias and uid are not mapped, so
it is not updating.

How can we achieve adding multiple principal aliases for the same user object?
I don't want to add multiple users and manage them in ldap.

I am kind of blocked here. Please help me.

Regards
K.Keerthiga
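
A consistency check over the entry above, as an added example that is not part of the original post: it parses the LDIF and reports principal values whose realm differs from the expected one, and a uid-derived principal (the name the post says gets created in kerberos) that no principal attribute lists. The function names and the trimmed `ENTRY` sample are assumptions of this example; it reads plain, unfolded `attr: value` lines only.

```python
# Added example: lint one LDIF entry for principal-name inconsistencies.
# ENTRY is the entry from the post, trimmed to the attributes the check reads.
ENTRY = """\
dn: uid=wilf,ou=people,dc=domain,dc=com
objectClass: krbprincipalaux
uid: wilf
krbPrincipalAliases: wilf/admin@DOMAINCOM
krbPrincipalName: wilf/admin@DOMAIN.COM
"""

PRINCIPAL_ATTRS = ("krbprincipalname", "krbprincipalaliases")


def parse_entry(ldif):
    """Parse a single unfolded LDIF entry into {lowercased attr: [values]}."""
    attrs = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def lint_principals(attrs, realm):
    """Return findings for principal values that do not match realm or uid."""
    findings, names = [], []
    for attr in PRINCIPAL_ATTRS:
        for value in attrs.get(attr, []):
            _, at, value_realm = value.rpartition("@")
            if not at:
                findings.append(f"{attr}: {value} has no realm")
            elif value_realm != realm:
                findings.append(f"{attr}: {value} is in realm {value_realm}, not {realm}")
            names.append(value)
    for uid in attrs.get("uid", []):
        derived = f"{uid}@{realm}"  # the name a uid-based sync would produce
        if derived not in names:
            findings.append(f"uid: {derived} is not listed in any principal attribute")
    return findings


if __name__ == "__main__":
    for finding in lint_principals(parse_entry(ENTRY), "DOMAIN.COM"):
        print(finding)
```
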

