[19521] in Kerberos
Re: telneting into solaris 8 kerberized telnetd prompts for passwd
daemon@ATHENA.MIT.EDU (Wyllys Ingersoll)
Mon Jul 7 14:43:24 2003
Message-ID: <3F09BEAC.1070403@sun.com>
Date: Mon, 07 Jul 2003 14:40:44 -0400
From: Wyllys Ingersoll <wyllys.ingersoll@sun.com>
MIME-Version: 1.0
To: "Peter Himmelfarb (Excell Data Corporation)" <a-peterh@microsoft.com>
In-Reply-To: <905568611548FF439A27CB4F41D273E9078C1D76@red-msg-12.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
Check the /etc/pam.conf entries on the Solaris 8 system,
they should have the following 'ktelnet' entries (or something
similar depending on your local authentication policy).
ktelnet auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 acceptor
ktelnet auth required /usr/lib/security/$ISA/pam_unix.so.1
-Wyllys
Peter Himmelfarb (Excell Data Corporation) wrote:
>
>
> Synopsis of issue I'm experiencing:
>
>
>
> a user is prompted for their password when using a kerberized linux
> telnet client
>
> to access a kerberized telnet server on a solaris 8 host.
>
>
>
> Test environment:
>
>
>
> Windows 2003 KDC
>
> (2) Linux hosts running kerberized telnetd
>
> (1) solaris 8 host [SEAM 1.0.1 including patches 109223-02, 109805,
> 110060]
>
> running kerberized telnetd and kerberized ftpd
>
>
>
> History of successful kerberos interoperability:
>
>
>
> - user can telnet from linux host to linux host without having to
> enter password
>
> - user can ftp from linux host to solaris without having to enter
> password
>
> - user can telnet from solaris host linux hosts without having to
> enter password
>
>
>
> Issue:
>
>
>
> - user can telnet from linux host to solaris telnet server but is
> prompted for their
>
> password. Here's output from `telnet -a -x msaum01` [IP's and names
> changed ]
>
>
>
> ./telnet -a -x msaum01
>
> Trying 10.10.0.10...
>
> Connected to abc.abc.com (10.10.0.10).
>
> Escape character is '^]'.
>
> Waiting for encryption to be negotiated...
>
> [ Kerberos V5 accepts you as ''bullet@abc.com'' ]
>
> done.
>
> Last login: Fri Jun 27 11:47:13 from 10.10.0.10
>
> Password:
>
>
>
>
>
> Excerpt from inetd.conf:
>
>
>
> telnet stream tcp nowait root /usr/krb5/lib/telnetd telnetd -a user
>
>
>
>
>
>
>
> ------------------------------------------------------------------------
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
