[4445] in testers
linux 8.4-beta: oddities.
daemon@ATHENA.MIT.EDU (Jacob Morzinski)
Sat Jun 10 04:13:05 2000
Date: Sat, 10 Jun 2000 04:12:57 -0400 (EDT)
From: Jacob Morzinski <jmorzins@MIT.EDU>
To: testers@mit.edu
Message-ID: <Pine.LNX.4.21L.0006100340530.22138-100000@alice-whacker.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

I don't know enough of how our security system is set up to describe
this problem well, but I've been having troubles with alice-whacker
since it was updated to 8.4-beta.

Summaries:

Ssh'ing to the machine requires typing a password, and then exits
with "Permission denied". Verbose ssh suggests kerberos errors,
but encrypted telnet works. Running a debugging sshd has the
interesting error message:

    debug: Can't find jmorzins's shadow - access denied.

Printing does not work -- the "localhost" server refuses to talk to
me. /etc/lpd.conf and /etc/lpd.perms on the linux machine
alice-whacker are very different from what they are on an Irix box.
(In fact, /etc/lpd.conf contains nothing but comments.) In addition,
$PRINTER appears to be "meadow;", including the semicolon.

Disorganized details on each of these:

Ssh -v does not seem to show any interesting details. The last few
lines of a verbose attempt to connect are included here. I would
suspect that some part of the "access" mechanism were malfunctioning,
except that encrypted telnet works fine.

    alice-whacker.mit.edu: Sent encrypted session key.
    alice-whacker.mit.edu: Installing crc compensation attack detector.
    alice-whacker.mit.edu: Received encrypted confirmation.
    alice-whacker.mit.edu: Trying Kerberos V5 TGT passing.
    alice-whacker.mit.edu: Kerberos V5 TGT passing failed.
    alice-whacker.mit.edu: Trying Kerberos V5 authentication.
    alice-whacker.mit.edu: Kerberos V5 authentication failed.
    alice-whacker.mit.edu: Doing password authentication.
    jmorzins@ATHENA.MIT.EDU@alice-whacker.mit.edu's password:
    Permission denied.

Is kerberos 5 failing? In contrast, the telnet output is:

    % telnet alice-whacker.mit.edu
    ...trying Athena's default telnet options: "-axF"
    Trying 18.187.1.68...
    Connected to alice-whacker.mit.edu (18.187.1.68).
    Escape character is '^]'.
    [ Kerberos V5 accepts you as ``jmorzins@ATHENA.MIT.EDU'' ]
    [ Kerberos V5 accepted forwarded credentials ]
    What you type is protected by encryption.
    Last login: Fri Jun 9 01:46:05 from well
    Athena Workstation (linux) Version 8.4.2 Thu Jun 8 23:35:59 EDT 2000

Printing: "enscript" hangs for a long time. Various incantations of
"lpq" show:

    % lpq
    Printer 'meadow;@localhost' - cannot open connection - Connection refused
    Make sure LPD server is running on the server
    % lpq -Pceres
    Printer 'ceres@localhost' - cannot open connection - Connection refused
    Make sure LPD server is running on the server

According to rpm:

    bash# rpm -qf /etc/lpd.perms
    athena-lprng-8.4-2
    bash# rpm -qf /etc/lpd.conf
    athena-lprng-8.4-2

As far as I can tell, I have tickets:

    % klist
    Ticket cache: /tmp/krb5cc_jmorzins
    Default principal: jmorzins@ATHENA.MIT.EDU

    Valid starting     Expires            Service principal
    06/10/00 03:40:16  06/10/00 23:38:26  krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
    06/10/00 03:42:23  06/10/00 23:38:26  host/alice-whacker.mit.edu@ATHENA.MIT.EDU

    Kerberos 4 ticket file: /tmp/tkt_jmorzins
    Principal: jmorzins@ATHENA.MIT.EDU

    Issued             Expires            Principal
    06/10/00 03:40:16  06/10/00 23:35:16  krbtgt.ATHENA.MIT.EDU@ATHENA.MIT.EDU
    06/10/00 03:40:19  06/10/00 15:10:19  afs.athena.mit.edu@ATHENA.MIT.EDU
    06/10/00 03:40:19  06/10/00 15:10:19  afs.sipb.mit.edu@ATHENA.MIT.EDU
    06/10/00 03:40:40  06/10/00 15:10:40  zephyr.zephyr@ATHENA.MIT.EDU
    06/10/00 03:40:42  06/10/00 15:10:42  imap.po12@ATHENA.MIT.EDU