[32233] in Kerberos


Re: kerberized telnet

daemon@ATHENA.MIT.EDU (Marcus Watts)
Fri Apr 2 15:08:00 2010

To: Matt Zagrabelny <mzagrabe@d.umn.edu>
In-reply-to: <1270233206.4868.1854.camel@grateful.d.umn.edu> 
Date: Fri, 02 Apr 2010 15:07:53 -0400
From: Marcus Watts <mdw@umich.edu>
Message-Id: <E1NxmDh-00048v-Dt@bruson.ifs.umich.edu>
Cc: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

> Date:    Fri, 02 Apr 2010 13:33:26 CDT
> To:      kerberos <kerberos@mit.edu>
> From:    Matt Zagrabelny <mzagrabe@d.umn.edu>
> Subject: kerberized telnet
> 
> Greetings,
> 
> I am trying to debug a Kerberos setup with a MIT KDC/TGS and Cisco
> Catalyst 3750. Things are progressing, but I've hit a wall.
> 
> Here is what I perform on my workstation:
> 
> $ kinit
> $ telnet kplz354s2
> Trying 10.25.1.14...
> Will send login name and/or authentication information.
> Connected to kplz354s2.d.umn.edu (10.25.1.14).
> Escape character is '^]'.
> [ Kerberos V5 accepts you as ``mzagrabe@D.UMN.EDU'' ]
> 
> % Authentication failed
> Connection closed by foreign host.
...

The message "Kerberos V5 accepts" comes from your local telnet client.
It means that at some basic level kerberos 5 negotiation succeeded with
the telnet server.

There's an "authdebug" option you can set.
You can probably get more debug output using:
	$ telnet
	telnet> set authdebug
	telnet> open kplz354s2
	...

Use "set ?" to see what else you can do - there are additional debugging
options.  If you have something else for which you can successfully do
kerberos authentication, you should compare the results.

Off-hand, I wonder what encryption types you have.  You might want to
check encryption types in the kdc logs, & encryption types and flags on
the various principals involved.  klist -fea may also be interesting.
If the string you rightfully didn't show us is really a srvtab, the
service principal you gave to the cisco must not have any non-des key
types in the kdc.

				-Marcus Watts
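
Added example (not part of the original message): one way to check the last point above, that a service principal exported as a srvtab holds only single-DES keys. It filters the "Key:" lines of kadmin getprinc output; the principal name and the sample output are constructed, and the two "Key:" line styles handled (enctype names and the older long descriptions) are assumptions about the kadmin version in use.

```shell
#!/bin/sh
# Added example, not from the original message.

# Constructed sample of `kadmin -q "getprinc <principal>"` output.
sample_getprinc() {
cat <<'EOF'
Principal: host/switch.example.com@EXAMPLE.COM
Number of keys: 3
Key: vno 2, aes256-cts-hmac-sha1-96
Key: vno 2, des3-cbc-sha1
Key: vno 2, des-cbc-crc
EOF
}

# Read getprinc output on stdin; print every key enctype that is NOT single DES.
non_des_keys() {
    # "Key: vno N, <enctype>[, salt info]" -> keep only the enctype field
    sed -n 's/^Key: vno [0-9]*, *\([^,]*\).*/\1/p' |
    while IFS= read -r enctype; do
        lower=$(printf '%s' "$enctype" | tr 'A-Z' 'a-z')
        case "$lower" in
            des-cbc-*|des-hmac-*|"des cbc mode"*) ;;  # single DES: fits a srvtab
            *) printf '%s\n' "$enctype" ;;            # des3, aes, rc4, ...
        esac
    done
}

# Return 0 only when every key on the principal is single DES.
check_principal_keys() {
    extra=$(non_des_keys)
    if [ -n "$extra" ]; then
        printf 'non-DES keys present:\n%s\n' "$extra"
        return 1
    fi
    echo "only single-DES keys"
}

# Stand-alone run on the constructed sample; real use would pipe kadmin output in.
sample_getprinc | check_principal_keys || true
```
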