-
By default kerberos on RHEL7 no longer uses /tmp/krb5cc_ as a store for kerberos tickets, it now favors linux keyrings.
I've changed the script to do a regular kinit using the keytab, which solves th…
-
Hi
Appently ( #47 #91 ) kerberized access is available.
However there is no example on how to use it in the documention.
That would be more than helpfull
Thanks
-
The OpenLDAP directory service currently does not allow simple binds to the directory. GSSAPI authentication is required for all authenticated connections. Some applications are incapable of GSSAPI au…
-
It looks like the Kafka resources do not allow to use a Kerberos authentication mechanism.
We should be able to use GSSAPI as sasl mechanism and then configure:
- kerberos service name
- kerberos…
-
Ran into an issue in SECURITY-1380 where stateless nodes lost their keytabs.
Currently backup-node_configs.sh will backup files every x days (7 by default). So if a file is modified (like keytabs w…
-
In gitlab by @threepistons on Dec 8, 2021, 17:09
If a machine is an identical copy of another machine, e.g. a VM disk image is used as a template for several VMs, the one-shot service still has the t…
-
Trying to test krb5 NFS exports with the "no_root_squash" export option, but it's not working and any request from root on the client ends up getting squashed to nobody. The client defaults to using t…
-
MIT Krb5 has "fixed" at least some of their 2038 issues by simply defining the file format as being in unsigned 32-bit time.
Heimdal current master still treats the times in credential caches and …
-
![bug1](https://user-images.githubusercontent.com/18161585/49127935-4225ea80-f304-11e8-9de6-5b52d3549d5a.png)
as above, kinit will get exception when env var KRB5CCNAME contain colon
at the azkaban …
-
#### Describe the issue
vault-agent configmap is not deleted when pod is gone. This becomes an issue when having hundreds of thousands of these orphaned resources in the cluster which can happen qu…