This is a multi-part message in MIME format.
--------------010801060200000807020407
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
hello list,
we want to use kerberos for authentication and to secure connections for
telnet sessions.
so i installed kerberos v5 for the debian system via apt-get and did the
configuration.
attached are the configs for this system.
kinit works for a user, but the start of a telnet session is refused
with the message
"Authentication failed". i used the command "kinit stefan" and
"telnet.krb5 -a -F vxr-r.imos.net."
"vxr-r.imos.net" is the cisco router i want to connect to.
when i look into the logs i see the following messages:
Nov 11 09:49:28 alpha krb5kdc[8745](info): AS_REQ (1 etypes {1})
192.168.3.3(16417): NEEDED_PREAUTH: stefan@IMOS.NET for
krbtgt/IMOS.NET@IMOS.NET, Additional pre-authentication required
Nov 11 09:49:30 alpha krb5kdc[8745](info): AS_REQ (1 etypes {1})
192.168.3.3(16417): ISSUE: authtime 1100162970, etypes {rep=1 tkt=16
ses=1}, stefan@IMOS.NET for krbtgt/IMOS.NET@IMOS.NET
Nov 11 09:49:33 alpha krb5kdc[8745](info): TGS_REQ (1 etypes {1})
192.168.3.3(16417): UNKNOWN_SERVER: authtime 1100162970,
stefan@IMOS.NET for host/vxr-r.imos.net@IMOS.NET, Server not found in
Kerberos database
Nov 11 09:49:33 alpha krb5kdc[8745](info): TGS_REQ (1 etypes {1})
192.168.3.3(16417): UNKNOWN_SERVER: authtime 1100162970,
stefan@IMOS.NET for host/vxr-r.imos.net@IMOS.NET, Server not found in
Kerberos database
but the kerberos server alpha.imos.net is in the kerberos database, as
vxr-r.imos.net is.
can anyone give me a hint what the problem is?
if you need additional infos please tell..
bye
stefan
IMOS.NET
--------------010801060200000807020407
Content-Type: text/plain;
name="krb5.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="krb5.conf"
[libdefaults]
default_realm = IMOS.NET
# The following krb5.conf variables are only for MIT Kerberos.
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 des-cbc-crc
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[realms]
IMOS.NET = {
kdc = alpha.imos.net:88
admin_server = alpha.imos.net
}
[domain_realm]
.imos.net = IMOS.NET
imos.net = IMOS:NET
[login]
krb4_convert = true
krb4_get_tickets = true
[logging]
default = FILE:/var/log/krb5.log
--------------010801060200000807020407
Content-Type: text/plain;
name="kadmin.local.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="kadmin.local.txt"
kadmin.local: listprincs
K/M@IMOS.NET
alfred/admin@IMOS.NET
alfred@IMOS.NET
host/alpha.imos.net@IMOS.NET
kadmin/admin@IMOS.NET
kadmin/changepw@IMOS.NET
kadmin/history@IMOS.NET
krbtgt/IMOS.NET@IMOS.NET
stefan/admin@IMOS.NET
stefan@IMOS.NET
--------------010801060200000807020407
Content-Type: text/plain;
name="ktutil.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="ktutil.txt"
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 4 stefan@IMOS.NET
2 4 stefan@IMOS.NET
3 3 alfred@IMOS.NET
4 3 alfred@IMOS.NET
5 3 host/alpha.imos.net@IMOS.NET
6 3 host/alpha.imos.net@IMOS.NET
--------------010801060200000807020407
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--------------010801060200000807020407--
magic99de
comp.protocols.kerberos
5541 articles. 
1 followers.
jwinius
0 Replies
700 Views
Similar Articles