[4167] in Kerberos
... and now, the epiphany
daemon@ATHENA.MIT.EDU (*Hobbit*)
Thu Nov 10 23:44:02 1994
To: kerberos@MIT.EDU
Date: 10 Nov 1994 23:26:41 EST
From: *Hobbit* <hobbit@asylum.sf.ca.us>
After a couple of frustrating days of it all Just Not Working, I was staring
at a packet dump, and had this sudden realization about what was going on.
The rlogin connection would open, the debugging output from inetd would
appear, a NULL would be exchanged between the parties, the AUTH information
would go across, and a positive response come back. [At one point, "can't
decrypt authenticator" would come back, but rebuilding the srvtab fixed that.]
Everything appeared normal, so why ... um.. oh, WAIT A SECOND: Inetd debug
output. Over the rlogin connection. And it hit me: my rlogin client expects
a very strict set of protocol negotiations, and it had no clue how to deal
with
[25683 execl /usr/kerberos/etc/klogind] ,
so it didn't even wait for the rest of the protocol to finish before bailing.
The fix is to NOT hand my separate instance of inetd the -d flag.
The reason similar experiments with telnet/telnetd succeeded, was because
telnet sends everything in IAC blocks, and such debugging output just appears
at the client's output.
Lesson learned: Trying to get TOO much debugging information out of a system
sometimes hurts you. I feel really stupid now, but hopefully others can
learn from my mistake.
Now, on to figuring out how to get v4 clients talking to v5 app servers.
Bwahaha...
_H*
