[32205] in Kerberos

home help back first fref pref prev next nref lref last post

Re: CANT_FIND_CLIENT_KEY

daemon@ATHENA.MIT.EDU (Matt Zagrabelny)
Tue Mar 30 17:57:21 2010

From: Matt Zagrabelny <mzagrabe@d.umn.edu>
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: <874ojxbhzj.fsf@windlord.stanford.edu>
Date: Tue, 30 Mar 2010 16:56:11 -0500
Message-ID: <1269986171.4868.176.camel@grateful.d.umn.edu>
Mime-Version: 1.0
Cc: kerberos <kerberos@mit.edu>
Content-Type: multipart/mixed; boundary="===============0513855348=="
Errors-To: kerberos-bounces@mit.edu


--===============0513855348==
Content-Type: multipart/signed; micalg="pgp-sha1";
	protocol="application/pgp-signature";
	boundary="=-snBfNih7I6rEvVII2dx/"


--=-snBfNih7I6rEvVII2dx/
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tue, 2010-03-30 at 14:46 -0700, Russ Allbery wrote:
> Matt Zagrabelny <mzagrabe@d.umn.edu> writes:
>=20
> > Thanks for the quick help, Russ. Still the same problem, though.
>=20
> > # grep -B1 allow_weak_crypto /etc/krb5.conf
> > [libdefaults]
> >     allow_weak_crypto =3D true
>=20
> > # /etc/init.d/krb5-kdc restart
>=20
> > % telnet blah...
>=20
> > AS_REQ (1 etypes {1}) 10.25.1.14: CANT_FIND_CLIENT_KEY:
> > mzagrabe@D.UMN.EDU for krbtgt/D.UMN.EDU@D.UMN.EDU, KDC has no support
> > for encryption type
>=20
> > Any other ideas?
>=20
> You need it on the client in addition to the server.

Good to know. :)

Unfortunately, the client is a Cisco Catalyst 3750. :/

workstation% telnet.netkit switch3750
Trying 10.25.1.14...
'autologin': unknown argument ('toggle ?' for help).
Connected to switch3750.d.umn.edu.
Escape character is '^]'.


User Access Verification

Username: mzagrabe
Password:=20

% Authentication failed



switch3750 has a "pam-krb5-like" authentication mechanism for its telnet
daemon.

So, I am _not_ trying kerberized telnet right now, just trying to get
the switch to play nicely in my realm.

If typing usernames and passwords into switching gear was more fun I
would be less determined to get this working. Having said that, any
other ideas?

Thanks,

--=20
Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 4096R/42A00942 2009-12-16
Fingerprint: 5814 2CCE 2383 2991 83FF  C899 07E2 BFA8 42A0 0942

He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot

--=-snBfNih7I6rEvVII2dx/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAABAgAGBQJLsnN6AAoJEAfiv6hCoAlCwW8QAID8pHcfVuMHwoyMBqNSbqnl
HlMmnClSQz8ueO0jG7iEOLqU6CqFHRnswUEOjJ1QTJEo2scrkWsZtKr7Vn57mNGH
Hai1RvvDP44NT9Ewg8M1OmW+LVG6pv4tPkBGaDRyRWlE/Udg7pWEmPnE1hQkmB98
XziB0dAgS76mrILOs2lqXbxla5nnG0mEUIF+Oa6CEz+khHred/BSrp23IK310b12
rBX3gPwtIMYq45IcdnGbIDGa31Qnslx7Kz17V5iW39Wga+2z/KIDDxH0pdHnK9qQ
Xa9VWgkFDLQ5wyCll/uDoD3sT1fdkJKDj4ORutyPc30DAfcw1VMYs4Z+lpmgMCE7
Ipp/mZ7aTbJDr38qYZVV3pO1HRRbozV8d8pKkohs9czJzo9O2NToh/xux7K6ndJT
xnf8y3slpNH0ZKXGR5YBDqIU5g0mc2xH1INaHgQEVQMrUgwU5gawHvsyursXCeSm
+VhNGLoZoTqRo14jrj7VsEOMvFAbRxjYUH0Af6lUyI0JW07Dp3LXqgO80uNMiLqW
zejKwexcIX+vmjrDxwLZNOWFPW0/5D3iMJoltj3M0Xc7JgSodY9OnHFSPuUVt4rd
IPXwRE1JVHb4mz7R+L5DHzlajtGnxrhtfRU7WFfjbAUlK30y5ihfzu2c7us3LS++
NVaJpbJ2M0c07dvmQt7E
=8/bR
-----END PGP SIGNATURE-----

--=-snBfNih7I6rEvVII2dx/--


--===============0513855348==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

--===============0513855348==--
home help back first fref pref prev next nref lref last post