[4509] in testers
Re: Linux 8.4.4: Remote access burps
daemon@ATHENA.MIT.EDU (Christopher D. Beland)
Wed Jun 28 22:07:56 2000
Message-Id: <200006290207.WAA06349@No-Whammies.mit.edu>
To: testers@MIT.EDU
Date: Wed, 28 Jun 2000 22:07:48 -0400
From: "Christopher D. Beland" <beland@MIT.EDU>

So I just formatted my root partition and did a complete reinstall of
my layered linux machine (no-whammies) to version 8.4.5.

The ssh and telnet problems I reported earlier went away.

I'm still having ftp problems, however. Greg suggested:

> FTP's krb5 support (via GSSAPI) doesn't deal properly if you use a
> cname of the host you're FTPing to. That may be for security
> reasons, since cname lookups are typically not secure. (Of course,
> it makes no sense for Kerberos to enforce a no-cnames policy in one
> mechanism of one application and nowhere else, but lots of Kerberos
> makes no sense.)

It works fine if I ftp to wam (a cname, of whack-a-mole.mit.edu, an
8.4.5 IRIX box):

(22:02 ~) beland@No-Whammies: ftp wam
Connected to WHACK-A-MOLE.MIT.EDU.
220 whack-a-mole.mit.edu FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI authentication succeeded
200 Data channel protection level set to private.
Name (wam:beland):
331 GSSAPI user beland@ATHENA.MIT.EDU is authorized as beland;
Password required.
Password:
230 User beland logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

Even when I ftp to the canonical hostname of my Linux box, however,
authentication still fails (with different behavior than previously
reported):

(21:41 ~) beland@No-Whammies: ftp No-Whammies.mit.edu
Connected to No-Whammies.mit.edu.
220 No-Whammies.mit.edu FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI authentication succeeded
200 Data channel protection level set to private.
Name (No-Whammies.mit.edu:beland): beland
530 User beland access denied.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.
(22:05 ~) beland@No-Whammies: klist
Ticket cache: /tmp/krb5cc_pts_0
Default principal: beland@ATHENA.MIT.EDU
Valid starting     Expires            Service principal
06/28/00 16:47:47  06/29/00 02:47:47  krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
06/28/00 20:38:21  06/29/00 02:47:47  host/no-whammies.mit.edu@ATHENA.MIT.EDU
06/28/00 20:43:08  06/29/00 02:47:47  host/whack-a-mole.mit.edu@ATHENA.MIT.EDU
Kerberos 4 ticket file: /tmp/tkt_pts_0
Principal: beland@ATHENA.MIT.EDU
Issued             Expires            Principal
06/28/00 16:47:47  06/29/00 02:47:47  krbtgt.ATHENA.MIT.EDU@ATHENA.MIT.EDU
06/28/00 16:47:47  06/29/00 02:47:47  rcmd.no-whammies@ATHENA.MIT.EDU
06/28/00 16:47:47  06/29/00 02:47:47  afs.athena.mit.edu@ATHENA.MIT.EDU
06/28/00 16:47:52  06/29/00 02:47:52  afs.sipb.mit.edu@ATHENA.MIT.EDU
06/28/00 16:47:57  06/29/00 02:47:57  afs.net.mit.edu@ATHENA.MIT.EDU
06/28/00 16:48:29  06/29/00 02:48:29  pop.po12@ATHENA.MIT.EDU
06/28/00 16:48:30  06/29/00 02:48:30  zephyr.zephyr@ATHENA.MIT.EDU
06/28/00 17:19:17  06/29/00 02:49:17  moira.moira4@ATHENA.MIT.EDU
-B.
===============================================================
Christopher Beland - http://web.mit.edu/beland/www/contact.html
Got spam? Stop it at the source. http://spamcop.net
===============================================================
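
An added example, not part of the original message or of the Athena release: a small Python helper that separates the two stages visible in the sessions above, the GSSAPI exchange (authentication) and the account check that follows it (authorization). The function name `triage` and the stage labels are hypothetical, and the sample input is constructed from the quoted sessions.

```python
import re

# Constructed sample input: server replies and client status lines rejoined
# from the two sessions quoted in the message above (prompts omitted).
SESSION_WAM = """\
220 whack-a-mole.mit.edu FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI authentication succeeded
200 Data channel protection level set to private.
331 GSSAPI user beland@ATHENA.MIT.EDU is authorized as beland; Password required.
230 User beland logged in.
"""
SESSION_LOCAL = """\
220 No-Whammies.mit.edu FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI authentication succeeded
200 Data channel protection level set to private.
530 User beland access denied.
"""

REPLY = re.compile(r"^(\d{3})[ -](.*)$")  # FTP reply: 3-digit code, then text

def triage(transcript):
    """Hypothetical helper: report which login stage a session stopped at."""
    result = {"stage": "incomplete", "gssapi_ok": False,
              "password_after_gssapi": False, "reply": ""}
    for line in transcript.splitlines():
        line = line.strip()
        if line == "GSSAPI authentication succeeded":
            result["gssapi_ok"] = True  # client reports the security context is up
            continue
        m = REPLY.match(line)
        if not m:
            continue
        code, text = m.groups()
        if code == "331" and result["gssapi_ok"]:
            result["password_after_gssapi"] = True  # server still asked for a password
        elif code == "535":  # RFC 2228: failed security check
            result.update(stage="authentication_failed", reply=text)
            break
        elif code == "530":  # not logged in: meaning depends on what came before
            stage = "authorization_denied" if result["gssapi_ok"] else "authentication_failed"
            result.update(stage=stage, reply=text)
            break
        elif code == "230":
            result.update(stage="logged_in", reply=text)
            break
    return result

if __name__ == "__main__":
    for name, session in (("wam", SESSION_WAM), ("no-whammies", SESSION_LOCAL)):
        print(name, triage(session))
```

For the second session it reports `authorization_denied` with `gssapi_ok` set, which places the refusal after the ticket exchange rather than in it.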