[6004] in Kerberos
Re: telnet95 for windows?
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon Oct 16 15:33:51 1995
To: ccjason@quadrophenia.ucdavis.edu (Jason Gabler)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "16 Oct 1995 16:18:22 GMT."
<45u0ke$mco@mark.ucdavis.edu>
Date: Mon, 16 Oct 1995 15:21:50 EDT
From: Sam Hartman <hartmans@MIT.EDU>
>>>>> "Jason" == Jason Gabler <ccjason@quadrophenia.ucdavis.edu> writes:
Jason> : Brian> message: Warning: No Kerberos tickets obtained.
Jason> Yet it : It means that you didn't type a password into
Jason> login.krb; basically, login.krb serves two purposes.
Jason> First, it can accept a password and automagically get you
Jason> tickets as well as logging you into the local system.
Jason> Also, it can be the login program for rlogind. Basically,
Jason> in its second role, it warns you that you don't have yet
Jason> have tickets on the system you just logged in to.
Jason> : --Sam
Jason> The first suggestion: "It means that you didn't type a
Jason> password into login.krb;" could be correct if you were
Jason> doing a kinit, but I am under the impression that you are
Jason> getting this message when you actually arrive on a remote
Jason> machine via a krlogin.
Jason> Well, that is sort of addressed in the second possibility
Jason> give by Sam. However, I think more accurately it means
Jason> that no *forwarded* tickets have been obtained by this new
Jason> login (e.g. the tkt or prinipal you used to get there didnt
Jason> follow you and if you are going to go from this new machine
Jason> to somewhereelse, you will need to kinit once again).
No, this isn't quite correct. It is important to note that
login.krb only exists in Kerberos IV, where you cannot forward
tickets. I.E. I assumed that the question was a Kerberos IV
question, not a Kerberos V question.
Under Kerberos V, login.krb5 is brain-damaged. It will print
this message even if tickets are forwarded successfully.This is especially broken when you consider that login.krb5 is not actually ever capable of obtaining krb5 tickets. We hope to fix this by the release of Kerberos V 1.0.
Jason> basically, Brian, you can ignore the message.
True, although I would get worried if you don't see it when you connect to a machine with telnet or rlogin.
Jason> my 2 cents, no offense Sam :) -- Vale, jason
Jason> .,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,
Jason> ` Jason Gabler jygabler@ucdavis.edu ` ' campus office:
Jason> 916-752-9215 home office: 415-752-1969 '
Jason> '----------------------------------------------------------------------`
Jason> ` Schizophrenic? I'm bleeding Quadrophenic '
Jason> '----------------------------------------------------------------------`
Jason> ' Distributed Computing Analysis & Support, Information
Jason> Technology, UCD' ` Kerberos/Security X Windows Support DCN
Jason> Sys Admin `
Jason> `'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'
--Sam
