I am not able to use Heimdal Kerberos telnetd on FreeBSD-6 to provide
remote access to a host. I get this error from my Kermit client:

Kerberos authentication failed!
Kerberos V5 refuses authentication because
Read req failed: Key table entry not found

The keytab has been extracted to the service host. (See below.)

I am thinking that there might be some sort of hard-to-find
incompatibility or encryption type issue with Heimdal and MIT. That or
there is some stupid detail that I have missed. I would have expected
Heimdal to be a "drop in" replacement for MIT Kerberos. A full
transcript is provided below if the problem is not obvious.

I am successfully running MIT KDCs and have been for years. All my
other MIT kerberized hosts function correctly.

Any idea what I might be missing?

Thanks,
Jason C. Wells

I get a ticket granting ticket as evidenced by the MIT KDC log:

Feb 26 09:40:56 s5.stradamotorsports.com krb5kdc[449](info): AS_REQ (3 etypes {1 6 3 1}) 192.168.1.16: ISSUE: authtime 1140975656, etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]

Then I get my service ticket as evidenced by the MIT KDC log:

Feb 26 09:41:09 s5.stradamotorsports.com krb5kdc[449](info): TGS_REQ (1 etypes {1}) 192.168.1.16: ISSUE: authtime 1140975656, etypes {rep=16 tkt=16 ses=1}, [EMAIL PROTECTED] for host/[EMAIL PROTECTED]

I have all my tickets on my Windows client.

C:\Documents and Settings\jcw>klist -e
Ticket cache: API:krb5cc
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
02/26/06 09:40:56 02/26/06 19:40:56
krbtgt/[EMAIL PROTECTED]
ORTS.COM
renew until 02/26/06 19:40:57, Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc mode with HMAC/sha1
02/26/06 09:41:09 02/26/06 19:40:56
host/[EMAIL PROTECTED]
PORTS.COM
renew until 02/26/06 19:40:57, Etype (skey, tkt): DES cbc mode with CRC-32, Triple DES cbc mode with HMAC/sha1
Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)
But my Kermit client complains with:
DNS Lookup... Trying 192.168.1.1... Reverse DNS Lookup... (OK)
g3.stradamotorsports.com connected on port telnet
Authenticating with KERBEROS_V5
Kerberos authentication failed!
Kerberos V5 refuses authentication because
Read req failed: Key table entry not found
/Can't connect to g3.stradamotorsports.com:23
The keytab shows:
Vno Type Principal
11 des3-cbc-sha1 host/[EMAIL PROTECTED]
11 des-cbc-crc host/[EMAIL PROTECTED]
Getprincs on the MIT KDC shows:
kadmin: getprinc host/[EMAIL PROTECTED]
Principal: host/[EMAIL PROTECTED]
Expiration date: [never]
Last password change: Sun Feb 26 09:08:57 PST 2006
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Sun Feb 26 09:08:57 PST 2006 ([EMAIL PROTECTED])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 11, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 11, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]
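
Added example, not part of the original post: one way to test the encryption-type theory is to compare the `tkt=` enctype in the KDC's TGS_REQ line with the keys listed in the service keytab for the same principal. The principals, host names and addresses below are constructed placeholders, and the function names are this example's own.

```python
import re

# Enctype numbers as they appear in MIT KDC logs, with the names used in keytab listings.
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96"}

# Constructed sample data: placeholder principals, same layout as the output quoted above.
SAMPLE_LOG = ("Feb 26 09:41:09 kdc.example.test krb5kdc[449](info): TGS_REQ (1 etypes {1}) "
              "192.0.2.16: ISSUE: authtime 1140975656, etypes {rep=16 tkt=16 ses=1}, "
              "user@EXAMPLE.TEST for host/g3.example.test@EXAMPLE.TEST")
SAMPLE_KEYTAB = """Vno  Type           Principal
 11  des3-cbc-sha1  host/g3.example.test@EXAMPLE.TEST
 11  des-cbc-crc    host/g3.example.test@EXAMPLE.TEST
"""

def parse_tgs_issue(line):
    """Return (service principal, ticket enctype number) from a TGS_REQ ISSUE line."""
    m = re.search(r"TGS_REQ .*ISSUE: .*etypes \{rep=\d+ tkt=(\d+) ses=\d+\}, "
                  r"\S+ for (\S+)\s*$", line)
    if not m:
        raise ValueError("not a TGS_REQ ISSUE log line")
    return m.group(2), int(m.group(1))

def parse_keytab_listing(text):
    """Return (kvno, enctype name, principal) rows; the header line does not match."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S+)\s+(\S+)\s*$", line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3)))
    return rows

def check_service_key(log_line, keytab_text):
    """Classify whether the keytab lists a key of the type the ticket was encrypted with."""
    service, tkt_etype = parse_tgs_issue(log_line)
    wanted = ETYPES.get(tkt_etype, "etype-%d" % tkt_etype)
    # Principal names are compared exactly: Kerberos principals are case-sensitive.
    rows = [r for r in parse_keytab_listing(keytab_text) if r[2] == service]
    if not rows:
        return ("principal-missing", service, wanted, [])
    kvnos = sorted({kvno for kvno, name, _ in rows if name == wanted})
    # The KDC log line carries no kvno, so the returned kvnos still have to be
    # compared by hand with the "Key: vno N" lines from kadmin getprinc.
    return ("ok" if kvnos else "etype-missing", service, wanted, kvnos)

if __name__ == "__main__":
    print(check_service_key(SAMPLE_LOG, SAMPLE_KEYTAB))
```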