[1994] in Kerberos-V5-bugs
Re: Kerberos v5b6 problems
daemon@ATHENA.MIT.EDU (Paul Weber)
Wed Jun 12 15:48:24 1996
Date: Wed, 12 Jun 1996 15:48:06 -0400
From: Paul Weber <weber@anise.ee.cornell.edu>
To: Sam Hartman <hartmans@MIT.EDU>
Cc: Paul Weber <weber@anise.ee.cornell.edu>, krb5-bugs@MIT.EDU
Sam Hartman wrote:
>
> >>>>> "Paul" == Paul Weber <weber@anise.ee.cornell.edu> writes:
>
> Paul> Hi, I'm not sure if this is a bug or not
>
> In general this type of message is better on kerberos@mit.edu.
> It is likely that you are dealing with a documentation bug, but it is
> often better to keep discussions on kerberos@mit.edu, then cc
> krb5-bugs@mit.edu once it's clear what the specific bug is. In
> particular, "It didn't work" messages are much more likely to produce
> useful results on kerberos@mit.edu than krb5-bugs@mit.edu. Still, it
> doesn't matter that much.
Sorry!
>
> Paul> thor(37) > rlogin thor
> Paul> thor.ee.cornell.edu: Connection refused
> Paul> rlogin: kcmd to host thor failed - Unknown code ____ 255
> Paul> trying normal rlogin (/usr/ucb/rlogin)
> Paul> Last login: Tue Jun 11 14:02:22 from THOR.EE.CORNELL.
> Paul> SunOS Release 4.1.4 (GENERIC) #1: Thu Mar 14 09:50:59 EST 1996
>
> Well, what services did you enable in /etc/inetd.conf, and did
> inetd give errors about them? When you telnet to the klogin and
> eklogin ports on your machine, what happens?
No errors from inetd.
My inetd.conf looks like this:
#
#kerberos sserver for applications
#
sample stream tcp nowait root /krb5/sbin/sserver sserver
eklogin stream tcp nowait root /krb5/sbin/klogind klogind -5 -e -c
klogin stream tcp nowait root /krb5/sbin/klogind klogind -5 -e -c
kshell stream tcp nowait root /krb5/sbin/kshd kshd -5 -e -c
I added klogin and now I get this when I try to rlogin:
./appl/bsd/rlogin
JVdL^/ZME@SgUR^*0&6vl}
!KZItK.ls1a =66~7(c,gb @W?"}/S[%pN0f/i*
]Ka>!&alVyS\AConnection closed.
In /var/adm/messages I have the following:
Jun 12 15:11:47 thor klogind[14311]: Read size problem.
> If you use rsh without a command then it actually calls
> rlogin. (This is a Unix truism and has nothing to do with Kerberos).
> However, this suggests something strange is happening between rsh and
> rlogin inside Kerberos that manages to get the wrong options passed
> to the non-Kerberos login. I'll look at that when I get a chance, but
> it's not a major issue.
rsh output:
thor(24) > rsh thor ls -l /
kshd: You must use encryption.
rsh: kcmd to host thor failed - Unknown code ____ 255
trying normal rsh (/usr/ucb/rsh)
telnet info:
zombie(260) > telnet thor 2105
Trying 128.84.224.30 ...
Connected to thor.ee.cornell.edu.
Escape character is '^]'.
Connection closed by foreign host.
zombie(263) > telnet thor 543
Trying 128.84.224.30 ...
Connected to thor.ee.cornell.edu.
Escape character is '^]'.
Connection closed by foreign host.
>
> that the Kerberos rlogin wasn't able to
> connect to the login server.
> Paul> rsh: kcmd to host thor failed - Unknown code ____ 255
> Paul> trying normal rlogin (/usr/ucb/rlogin)
> Paul> usage: rlogin [ -ex ] [ -l username ] [ -8 ] [ -L ] host
>
> The install docs
> Well, the diagnostic steps I suggested above should help
> narrow things. I.E. regarding what is in your inetd.conf and errors
> from inetd, etc.
>
> Paul> Also, when I run the sclient and sserver program I get the
> Paul> following:
> Paul> thor(12) # sclient thor 906
> Paul> sendauth rejected, error reply is:
> Paul> " Key table entry not found"
>
> Paul> Any ideas?
>
> This error indicates that the sample principal is not in the
> appropriate keytab. How did you create /etc/v5srvtab, and did you
> include the sample service in it?
Here are the entries in my database:
kdb5_edit: ldb
entry: sample/thor.ee.cornell.edu@EE.CORNELL.EDU
entry: host/thor.ee.cornell.edu@EE.CORNELL.EDU
entry: krbtgt/EE.CORNELL.EDU@EE.CORNELL.EDU
entry: weber@EE.CORNELL.EDU
entry: root@EE.CORNELL.EDU
entry: K/M@EE.CORNELL.EDU
I made the v5srvtab file by doing the following:
thor(29) > kdb5_edit
kdb5_edit: xst thor.ee.cornell.edu sample
'sample/thor.ee.cornell.edu@EE.CORNELL.EDU' added to keytab
'WRFILE:thor.ee.cornell.edu-new-srvtab'
I renamed the file and put it in etc and now it works. I get:
sendauth succeeded, reply is:
reply len 29, contents:
You are weber@EE.CORNELL.EDU
>
> Paul> Also, kpasswd gives the following messages:
> Paul> thor(116) > kpasswd -u weber
> Paul> Enter old password for weber:
> Paul> kpasswd: cannot find server for weber.
>
> That's probably a bug in the documentation. It probably means
> you don't have kadmind5 running properly, but if I remember correctly,
> the instructions for setting up kadmind5 don't always work right.
> What happens when you try and run kadmind5; what errors does it
> produce?
>
OK, I was missing the krb5._adm.acl file. It works now. I will be glad when we have
better install docs, it would sure help some.
Paul
> Paul> Thanks for your help!! Paul
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paul R. Weber
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computer Operations Manager II
301 Phillips Hall
Electrical Engineering
Cornell University
Ithaca, NY 14853-6401
E-mail: prw1@cornell.edu
Phone: (607) 255-1460
Fax: (607) 254-4565
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
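
The "Key table entry not found" reply in the thread above was reported when the sample principal was not in the server's keytab. As an added example (not part of the original thread), this Python code lists the principals stored in a keytab file and reports which expected service principals are missing. It assumes keytab file format version 0x0502 as used by later MIT krb5 releases, which a beta 6 file may not match; the function names, sample keytab bytes and dummy key are constructed for illustration.

```python
import struct

def _counted(buf, off):
    # uint16 length prefix, then that many bytes; returns (text, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def keytab_principals(data):
    """List (principal, kvno, enctype) for each live entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    found, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:        # negative length: deleted entry (hole), skip it
            off -= size
            continue
        if off + size > len(data):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, p = _counted(data, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp)
        p += 8               # skip name type and timestamp (uint32 each)
        kvno, enctype = struct.unpack_from(">BH", data, p)
        found.append(("/".join(comps) + "@" + realm, kvno, enctype))
        off += size
    return found

def missing_principals(data, wanted):
    """Return the wanted service principals that have no keytab entry."""
    present = {name for name, _, _ in keytab_principals(data)}
    return [w for w in wanted if w not in present]

def make_entry(principal, kvno=1, enctype=1, key=b"\x00" * 8):
    name, realm = principal.split("@")
    parts = [realm] + name.split("/")
    body = struct.pack(">H", len(parts) - 1)
    body += b"".join(struct.pack(">H", len(s)) + s.encode() for s in parts)
    body += struct.pack(">IIBHH", 1, 0, kvno, enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample (make_entry exists only to build it): host principal, dummy key.
HOST = "host/thor.ee.cornell.edu@EE.CORNELL.EDU"
SAMPLE_SVC = "sample/thor.ee.cornell.edu@EE.CORNELL.EDU"
KEYTAB = b"\x05\x02" + make_entry(HOST)
```

Calling missing_principals(KEYTAB, [HOST, SAMPLE_SVC]) on the constructed keytab returns only the sample principal, the situation the error message describes.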