I've got MIT kerberos setup and working on my kdc (kerberos.mydomain.com)
and I can run sserver kerberos.frontbridge.com 90 and sclient
kerberos.frontbridge.com 90 on kerberos.frontbridge.com. Also, I can do the
same from my test client machine (kc.mydomain.com). However, dispite adding
a host/[EMAIL PROTECTED] principal and adding a keytab
entry for the same, as well as for
sample/[EMAIL PROTECTED], I can't seem to authenticate when
connecting from kerberos.mydomain.com -> kc.mydomain.com, and get the
following error message (using telnet -a for verbosity):
===snip===
[ Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: No
such file opre directory ]
[ Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: No
such file opre directory ]
Password for root: Error while reading password for 'root'
Login incorrect
login:
telnet> quit
==========
When I use sserver/sclient, I get the following:
==snip==
sendauth rejected, error reply is:
" No such file or directory"
========
OS: RedHat Enterprise Linux v3
Kerberos Version: 5, 1.2.7-19 (shipps w/ redhat)
Misc. information:
Klist:
---------------------------------------
Ticket cache: FILE: /tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting: Expires: Service principal
3/23/05 13:35:42 3/23/05 23:35:41
krbtgt/[EMAIL PROTECTED]
3/23/05 13:36:02 3/23/05 23:35:41
host/[EMAIL PROTECTED]
3/23/05 13:45:47 3/23/05 23:35:41
sample/[EMAIL PROTECTED]
Kerberos 4 ticket cache: /tmp/tkt0
Klist: You have no tickets cached
kadmin.local listprincs:
-----------------------------------------------------------
kadmin.local: listprincs
K/[EMAIL PROTECTED]
host/[EMAIL PROTECTED]
host/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
krbtgt/[EMAIL PROTECTED]
nick/[EMAIL PROTECTED]
[EMAIL PROTECTED]
root/[EMAIL PROTECTED]
[EMAIL PROTECTED]
sample/[EMAIL PROTECTED]
sample/[EMAIL PROTECTED]
ssh/[EMAIL PROTECTED]
kadmin.local:
To review:
----------------------------------------------
The connection:
kerberos.frontbridge.com -> kerberos.frontbridge.com: WORKS
kerberos.frontbridge.com -> kc.frontbridge.com: FAILS
kc.frontbridge.com -> kerberos.frontbridge.com: WORKS
kc.frontbridge.com -> kc.frontbridge.com: FAILS
I'd appreciate any help you can give me in this, I've been trying to find
that specific error in google archives and all the usual places and can't
seem to come up with anything. This is the first time I've setup kerberos,
so I may be just missing one of the steps (probably) I need to do in order
to get the host working right. I'd output my keytab, but I'm not really sure
there is a way to do that.
Thanks for the help,
Nick,.
FrontBridge introduces Message Archive and Secure Email. Get leading Enterprise
Message Security services from FrontBridge. www.frontbridge.com.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
