[3388] in Kerberos
Re: encrypted telnet session?
daemon@ATHENA.MIT.EDU (Mike Friedman (510) 642-1410)
Wed Jun 8 10:13:20 1994
To: kerberos@MIT.EDU
Date: Tue, 07 Jun 94 09:31:46 PDT
From: spgmnf@cmsa.Berkeley.EDU (Mike Friedman (510) 642-1410)
In article <BRLEWIS.94May26122906@joy.mit.edu>
brlewis@athena.mit.edu (Bruce R. Lewis) writes:
>
>Source code for encrypted telnet is available, although it is subject to
>U.S. export restrictions. For details, ftp to net-dist.mit.edu and cd
>/pub/telnet, then read the HOW_TO_FTP file.
>--
I've been testing this telnet/telnetd and can't seem to do an authenticated
logon. I'm running the telnetd with '-a user', which is supposed to allow a
login only if authentication is provided, and no password prompt should be
issued to the remote user. Also, I have telnetd listening on a non-standard
port and defined to /etc/services and /etc/inetd.conf with a service name of
'ktelnetd', so as not to conflict with my production (non Kerberized) telnetd.

When I use the telnet client, following the man page docs, I cannot seem to
get a successful login. It seems that the only way I can avoid a password
prompt from the server login program is to specify the '-a' or '-l userid'
options on the telnet client. But when I do this, I get a message (I assume
from the server login program) that login names with '-' are not allowed.
Yet I'm not specifying any such thing.

I should say that I'm doing my testing after having gotten a TGT on my client
system (this is V4 Kerberos).

I turned on the Report option in telnetd, so I can see its negotiation. Unless
I invoke telnet with '-a' or '-l userid', it sends DON'T AUTHENTICATION to
telnetd. But with either of those options, I get the login message about
invalid '-' in the logonid and a login prompt, followed by a password prompt.
I do see 'Kerberos V4 challenge successful' in the message stream, so I would
think that authentication isn't the problem.

Is there something I've forgotten to do? I've already set up rcmd as a
Kerberos principal (since I've been using it with Kerberized rlogin), and a
klist issued subsequent to using telnet shows I do have a ticket for the rcmd
service.

Any ideas?