First, do:  klist -f
to make sure your TGT has the forwardable flag set,
like this:

% klist -f
Ticket cache: FILE:/var/dss/kerberos/tkt/v5_3e22df980e8a53
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
01/13/03 14:07:19  01/20/03 14:07:19  [EMAIL PROTECTED]
        Flags: FI

    ...K4 tickets omitted here...

then do:

    telnet -axF ebiz.austin.ibm.com

(-a = auth, -x = encrypt) [I doubt you need the -k realm
                           if things are properly set up]

John

> 
>       I'm using the Debian GNU/Linux version of kerberized telnetd and
> telnet and am trying to do Kerberos-based telnet logins. The steps I
> follow are (1) kinit (2) telnet -F <telnet server>, but I get a failure.
> Here are the gory details:
> 
> ken@sid:~$ klist
> Ticket cache: FILE:/tmp/krb5cc_1000
> Default principal: [EMAIL PROTECTED]
> 
> Valid starting     Expires            Service principal
> 01/13/03 13:36:15  01/13/03 23:35:38  [EMAIL PROTECTED]ibm.com
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt1000
> klist: You have no tickets cached
> 
> ken@sid:~$ telnet -F -k ebiz.austin.ibm.com ebiz.austin.ibm.com
> Trying A.B.C.D...
> Connected to ebiz.austin.ibm.com (A.B.C.D).
> Escape character is '^]'.
> telnetd: No authentication provided.
> Connection closed by foreign host.
> 
>       An ethereal trace shows the following exchange :
> 
> client --> server
>       Telnet commands :
>               Do Encryption Option
>               Will Encryption Option
>               Do Suppress Go Ahead
>               Will Terminal Type
>               Will Negotiate About Window Size
>               Will Terminal Speed
>               Will Remote Flow Control
>               Will Linemode
>               Will New Environment Option
>               Do Status
>               Will X Display Location
> 
> server --> client
>       Telnet commands :
>               Do Authentication Option
> 
> client --> server
>       Telnet commands :
>               Wont Authentication Option
> 
> server --> client
>       Telnet commands :
>               Will Encryption Option
>               Do Encryption Option
>                       Send your Encryption Option
>               Will Suppress Go Ahead
>               Do Terminal Type
>               Do Negotiate About Window Size
>               Do Terminal Speed
>               Do Remote Flow Control
>               Dont Linemode
>               Do New Environment Option
>               Will Status
>               Do X Display Location
> 
> server --> client
>       Telnet commands :
>               Do Environment Option
> 
> client --> server
>       Telnet commands :
>               Encryption Option
>                       Send your Encryption Option
>               Negotiate About Window Size
>                       Heres my Negotiate About Window Size
>                       Value: i\000F
> 
> client --> server
>       Telnet commands :
>               Wont Environment Option
> 
> server --> client
>       Telnet commands :
>               Terminal Speed
>                       Send your Terminal Speed
>               X Display Location
>                       Send your X Display Location
>               New Environment Option
>                       Send your New Environment Option
>               Terminal Type
>                       Send your Terminal Type
> 
> client --> server
>       Telnet commands :
>               Terminal Speed
>                       Here's my Terminal Speed
>                       Value: 38400,38400
>               X Display Location
>                       Here's my X Display Location
>                       Value: localhost:10.0
>               New Environment Option
>                       Here's my New Environment Option
>                       Value: \000DISPLAY\001localhost:10.0
>               Terminal Type
>                       Here's my Terminal Type
>                       Value: XTERM
> 
> server --> client
>       Data:
>               telnetd: No Authentication provided. \r\n
> 
> ....and the server initiates a connection close.
> 
>       telnetd is being started with a '-a user' option. Is this not the
> right option for Kerberos authentication? Why does the client claim that
> it won't do authentication?
> 
> Thanks,
> Kenneth
> 
> ________________________________________________
> Kerberos mailing list           [EMAIL PROTECTED]
> http://mailman.mit.edu/mailman/listinfo/kerberos
> 


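The negotiation shown in the quoted trace can be checked mechanically. The following is an added example, not part of either message: a small Python parser for Telnet option commands that flags a client answering WONT to the server's DO AUTHENTICATION. The byte strings are constructed to mirror the trace, and the function names are illustrative.

```python
# Added example: decode Telnet option negotiation, flag a refused AUTHENTICATION.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}
OPTIONS = {3: "SUPPRESS-GO-AHEAD", 5: "STATUS", 24: "TERMINAL-TYPE",
           31: "NAWS", 32: "TERMINAL-SPEED", 33: "REMOTE-FLOW-CONTROL",
           34: "LINEMODE", 35: "X-DISPLAY-LOCATION", 36: "ENVIRON",
           37: "AUTHENTICATION", 38: "ENCRYPT", 39: "NEW-ENVIRON"}

def negotiations(data: bytes):
    """Return (verb, option) pairs, skipping plain data and subnegotiations."""
    out, i, n = [], 0, len(data)
    while i < n:
        if data[i] != IAC:
            i += 1                      # ordinary data byte
        elif i + 1 >= n:
            break                       # truncated command at end of capture
        elif data[i + 1] in VERBS:
            if i + 2 >= n:
                break                   # verb without its option byte
            opt = data[i + 2]
            out.append((VERBS[data[i + 1]], OPTIONS.get(opt, f"OPT-{opt}")))
            i += 3
        elif data[i + 1] == SB:
            j = i + 2                   # scan to the terminating IAC SE
            while j + 1 < n and not (data[j] == IAC and data[j + 1] == SE):
                j += 2 if data[j] == IAC else 1   # IAC IAC is an escaped 0xFF
            i = j + 2
        else:
            i += 2                      # IAC IAC in data, or another 2-byte command
    return out

def client_refuses_auth(server: bytes, client: bytes) -> bool:
    """True when the server sent DO AUTHENTICATION and the client sent WONT."""
    asked = ("DO", "AUTHENTICATION") in negotiations(server)
    refused = ("WONT", "AUTHENTICATION") in negotiations(client)
    return asked and refused

# Constructed captures: the failing session from the trace, and a client that agrees.
SERVER = bytes([IAC, DO, 37])
CLIENT_FAIL = bytes([IAC, DO, 38, IAC, WILL, 38, IAC, WILL, 24, IAC, WONT, 37,
                     IAC, SB, 31, 0, 105, 0, 70, IAC, SE])
CLIENT_OK = bytes([IAC, WILL, 37, IAC, WILL, 38])

if __name__ == "__main__":
    for name, cap in (("failing", CLIENT_FAIL), ("with auth", CLIENT_OK)):
        print(name, negotiations(cap), "refused:", client_refuses_auth(SERVER, cap))
```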