[8118] in Release_7.7_team
Re: locked out of my debathena workstation
daemon@ATHENA.MIT.EDU (Quentin Smith)
Sat Mar 14 20:47:09 2015
Date: Sat, 14 Mar 2015 20:47:01 -0400 (EDT)
From: Quentin Smith <quentin@mit.edu>
To: Alex Chernyakhovsky <achernya@mit.edu>
cc: Alex Prengel <alexp@mit.edu>,
"release-team@mit.edu" <release-team@mit.edu>
In-Reply-To: <CAB18ysprY=QO4OREW5WyXacLP1BjjpU2MaprOhNBYPu=P+2b6A@mail.gmail.com>
Message-ID: <alpine.DEB.2.02.1503142046050.3957@team-rocket.mit.edu>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="1611843586-247219560-1426380421=:3957"
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--1611843586-247219560-1426380421=:3957
Content-Type: TEXT/PLAIN; charset=UTF-8; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
It looks like Alex's host/dit.mit.edu principal is still single-DES; I'm=20
guessing this failure is because pam_krb5 is trying to get a service=20
ticket to protect from the Zanarotti attack.
--Quentin
On Sat, 14 Mar 2015, Alex Chernyakhovsky wrote:
>=20
> I checked on mkc, which is a fully updated alpha workstation (development=
) and had no issues.
>=20
> Workstations take updates automatically, so you may have had the update h=
appen while you where logged in.
>=20
> -Alex
>=20
>=20
> On Sat, Mar 14, 2015, 8:24 PM=C2=A0Alex Prengel <alexp@mit.edu> wrote:
> So Jon's reply answers this? But since I was logged in for a week a=
t the
> time the problem started I couldn't have taken an update that might=
have
> caused this anyway.
>
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 A.
>=20
>
> On 03/14/2015 12:35 PM, Alex Chernyakhovsky wrote:
> > Hi,
> >
> > On Friday, Ben Kaduk moved a new copy of kerberos-config to propo=
sed.
> > I believe that will affect the beta workstations; the notable cha=
nge
> > is that allow_weak_crypto got turned off. Is your Athena password=
by
> > any chance still using DES-only? That would explain these symptom=
s.
> >
> > Sincerely,
> > -Alex
> >
> > On Sat, Mar 14, 2015 at 11:25 AM, Alex T Prengel <alexp@mit.edu> =
wrote:
> >> Hi,
> >>
> >> I'm suddenly unable to log into my desktop machine (dit.mit.edu)=
, debathena
> >> workstation running Precise, since yesterday afternoon. I get
> >> "authentication failure" on a graphical login attempt, a ctrl-al=
t-f1
> >> terminal login attempt, and ssh attempts from other machines. I'=
m able to
> >> log into other Athena machines, both locally and by ssh without =
problems.
> >> I'm not sure if or when an update might have triggered this as I=
was logged
> >> into the machine continuously since last Monday.
> >>
> >> Has anyone else seen this on beta workstations?
> >>
> >>
> >> Alex
>=20
>=20
>
--1611843586-247219560-1426380421=:3957--