[4471] in testers
Linux 8.4.4: Remote access burps
daemon@ATHENA.MIT.EDU (Christopher D. Beland)
Tue Jun 20 02:33:03 2000
Message-Id: <200006200632.CAA00971@No-Whammies.mit.edu>
To: testers@MIT.EDU
Date: Tue, 20 Jun 2000 02:32:52 -0400
From: "Christopher D. Beland" <beland@MIT.EDU>
Maybe I am just on crack this evening.
(This is the same machine I just upgraded - No-Whammies.)
With or without "LOGIN=/usr/athena/etc/login.krb5" in /etc/conf.getty
and with oor without /etc/krb5.keytab, I got the following behavior:
sshing or ktelnetting to whack-a-mole logs me in normally without
asking for password. sshing or ktelnetting back from that machine
does the same. However, the following happens when I try to
telnet/ssh from No-Whammies back to itself:
(1:53 ~) beland@No-Whammies: telnet beland
...including options requested by -safe: "-axF"
Trying 18.208.0.89...
Connected to No-Whammies (18.208.0.89).
Escape character is '^]'.
[ Trying KERBEROS4 ... ]
[ Kerberos V4 accepts you ]
[ Kerberos V4 challenge successful ]
What you type is protected by encryption.
Password for beland:
Last login: Tue Jun 20 01:53:21 from no-whammies
[etc...]
(1:53 ~/is) beland@No-Whammies: ssh beland
beland@ATHENA.MIT.EDU@beland's password:
Last login: Tue Jun 20 01:52:54 2000 from whack-a-mole.mit.edu
[etc...]
(1:59 ~) beland@whack-a-mole: ftp beland
Connected to NO-WHAMMIES.MIT.EDU.
220 No-Whammies FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: Miscellaneous failure
GSSAPI error minor: No principal in keytab matches desired name
GSSAPI error: acquiring credentials
GSSAPI ADAT failed
GSSAPI authentication failed
334 Using authentication type KERBEROS_V4; ADAT must follow
KERBEROS_V4 accepted as authentication type
Kerberos V4 krb_rd_safe failed: Time is out of bounds (krb_rd_req)
Name (beland:beland):
530 User beland access denied.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
Both clocks were, in fact, properly synched.
(2:01 athena) beland@No-Whammies: ftp beland
Connected to NO-WHAMMIES.MIT.EDU.
220 No-Whammies FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: Miscellaneous failure
GSSAPI error minor: Server not found in Kerberos database
GSSAPI error: initializing context
GSSAPI authentication failed
334 Using authentication type KERBEROS_V4; ADAT must follow
KERBEROS_V4 accepted as authentication type
Kerberos V4 authentication succeeded
200 Data channel protection level set to private.
Name (beland:beland):
530 User beland access denied.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
-B.
===============================================================
Christopher Beland - http://web.mit.edu/beland/www/contact.html
Got spam? Stop it at the source. http://spamcop.net
===============================================================
