[5836] in Kerberos
K5.5 Ticket Forward and using KSU
daemon@ATHENA.MIT.EDU (Joe Ramus)
Fri Sep 8 17:17:42 1995
Date: Fri, 8 Sep 95 13:57:42 PDT
From: ramus@nersc.gov (Joe Ramus)
To: kerberos@MIT.EDU
On our Solaris 2.4 and SunOS 4.1.x systems, we note a problem with
a Forwarded ticket. It has Encryption type: ETYPE_UNKNOWN
Others have reported this problem also.
My basic question is:
Does your ticket forwarding have the "ETYPE_UNKNOWN" problem?
Can you use a Forwarded ticket with the KSU command?
I tried to use the forwarded ticket with KSU.
The KSU operation fails on Solaris 2.4 with an ASN.1 error as
shown here.
----------------------------------------------------------------------------------
{zoo:92} /krb5/bin/rlogin decdce3.nersc.gov -f
Sun Microsystems Inc. SunOS 5.4 Generic July 1994
{decdce3:1} klist -e -f
Ticket cache: /tmp/tickets.291.joe/Nersc.decdce3
Default principal: ramus@NERSC.GOV
Valid starting Expires Service principal
8-Sep-95 13:17:49 8-Sep-95 21:17:49 krbtgt/NERSC.GOV@NERSC.GOV
Encryption type: ETYPE_UNKNOWN Flags: f
{decdce3:2} /krb5/bin/ksu jroot -n ramus@NERSC.GOV -C .
ksu: ASN.1 identifier doesn't match expected value while geting credentials from kdc
Authentication failed.
----------------------------------------------------------------------------------
The strange thing is that the KSU command works on a SunOS 4.1.x system
as shown here.
----------------------------------------------------------------------------------
{zoo:99} /krb5/bin/rlogin osi.nersc.gov -f
Last login: Fri Sep 8 13:28:54 from zoo.nersc.gov
SunOS Release 4.1.3_DBE1.3 (413-OSI-DBE) #2: Thu Aug 25 12:43:57 PDT 1994
{OsiNR:1} klist -e -f
Ticket cache: /tmp/tickets.291.joe/Nersc.osi
Default principal: ramus@NERSC.GOV
Valid starting Expires Service principal
8-Sep-95 13:44:52 8-Sep-95 21:44:52 krbtgt/NERSC.GOV@NERSC.GOV
Encryption type: ETYPE_UNKNOWN Flags: f
{OsiNR:2} /krb5/bin/ksu root -n ramus@NERSC.GOV -C .
Account root: authorization for ramus@NERSC.GOV successful
Changing uid to root (0)
#
----------------------------------------------------------------
| Joe Ramus NERSC Livermore (510) 423-8917 ramus@nersc.gov |
----------------------------------------------------------------
