[1787] in Kerberos-V5-bugs
Re: K5 beta5 decryption fails
daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Jan 23 13:23:31 1996
To: Sushila R Subramanian <sushi@cmf.nrl.navy.mil>
Cc: krb5-bugs@MIT.EDU
From: hartmans@MIT.EDU (Sam Hartman)
Date: 23 Jan 1996 13:23:04 -0500
In-Reply-To: Sushila R Subramanian's message of Tue, 23 Jan 1996 12:01:04 -0500
>>>>> "Sushila" == Sushila R Subramanian <sushi@cmf.nrl.navy.mil> writes:
Sushila> hi - i've been trying to install kerberos5 beta5 and i
Sushila> seem to have problems with decryption of the input on the
Sushila> client side.
Sushila> here's what i do:
Sushila> 1. kinit -f sushi
Sushila> 2. telnet -f -a -l sushi <machine A>
I believe this doesn't work in Beta5 properly; I believe
rlogind worked OK, though. (But see below)
If you get a clock skew error, you should consider making sure
the clocks on the two machines are within five minutes of each other;
I suspect this won't help, as I think I remember a false skew error
forwarding tickets in Beta5.
Sushila> if i do an "encrypt start" at this point - it prints
Sushila> garbage. an "encrypt stop" does not set it back to
You clearly aren't using straight MIT Kerberos5 Beta5, as it
has the telnet encryption disabled. It doesn't compile without
changes if the encryption is enabled, and tends to get the key
negotiation wrong.
Because of security problems in Telnet encryption, we do not
support it. (We are actively working on developing a standard for
Telnet encryption that is secure; this is a high priority. We will
support this standard and enable encryption by default once this
standard is approved.)
Sushila> thanks -sushi
Sushila> p.s. with the ANL patches, i don't get any errors.
Sushila> without the patches - i get a clock skew error at the
Sushila> client (telnet) end, and telnetd with debug on says
Sushila> "Could not read forwarded credentials"