[MIT] Simple telnet question
Philippe Perrin
philippeperrin at yahoo.com
Mon Feb 11 15:27:03 EST 2002
Actually, the KDC is a Windows 2000 server, so no "syslog" :)
I checked its logs, and noticed the following:
- At the initial kinit, the KDC grants the
krbtgt/KERBYKB.LOCAL at KERBYKB.LOCAL ticket (TGT).
- When running telnet on the MIT server, it does NOT try to get any ticket
before prompting for a password. When typing the real password, I see that
another TGT was delivered to the host, and running klist in the telnet
session makes it appear.
- When running telnet to another server (Heimdal), I see that the client
asks for the right host/... at KERBYKB.LOCAL ticket.
So I don't think the Windows KDC is the cause. What I don't understand is
why the SAME MIT telnet client asks for the ticket in one case (Heimdal
server) and NOT in another (MIT server)...
Philippe
"Donn Cave" <donn at u.washington.edu> wrote in message news:
a4971a$1bfm$1 at nntp6.u.washington.edu...
> Quoth "Philippe Perrin" <philippeperrin at yahoo.com>:
> | Thanks for the advice. Here is the output, after a successful call to kinit
> ...
> | >>>TELNET: Trying 2 2
> | telnet: Kerberos V5: failure on credentials(Server not found in Kerberos
> | database)
> | >>>TELNET: Trying 2 0
> | telnet: Kerberos V5: failure on credentials(Server not found in Kerberos
> | database)
> | >>>TELNET: Sent failure message
>
> OK, that's good, but it means you must check the second place I suggested.
> When it says "server not found", it means telnet has picked a service
> name that doesn't match the one your site supports. There are three
> places to go wrong - the service, the host instance, and the realm. The
> most likely is your host goes by several addresses and the service principal
> assigned by your site doesn't use the canonical host name. Whatever, look
> in that syslog and you will see this failure and see what principal it was
> actually looking for. If you don't have access to the log, enlist the
> cooperation of your site administrator.
>
> |> - KDC syslog output. Search for IP address of the local (client) host.
>
> Donn Cave, donn at u.washington.edu
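
Added example (not part of the original messages, and not MIT or Heimdal code): a simplified Python model of how a client builds the service principal from the host name the user typed, plus a check that names which of the three components listed in the quoted reply (service, host instance, realm) differs from what the KDC has registered. The host names, DNS table and KDC entries are constructed for illustration; only the realm comes from the thread.

```python
# Simplified model (assumption): the client requests
# service/<canonical lowercase host name>@REALM from the KDC.
# Host names, DNS data and KDC entries are constructed samples.
REALM = "KERBYKB.LOCAL"  # realm taken from the thread

# Constructed DNS view: typed name -> canonical name.
DNS = {
    "mitbox": "mitbox.example.test",
    "login.example.test": "mitbox.example.test",
    "mitbox.example.test": "mitbox.example.test",
}
# Constructed KDC database: the site registered the alias, not the canonical name.
KDC_DB = ["host/login.example.test@KERBYKB.LOCAL"]


def build_principal(service, typed_host, dns=DNS, realm=REALM):
    """Return the principal a client would request for typed_host."""
    host = dns.get(typed_host.lower(), typed_host)
    return f"{service}/{host.lower()}@{realm}"


def split_principal(principal):
    """Split service/host@REALM into (service, host, realm)."""
    name, _, realm = principal.rpartition("@")
    service, _, host = name.partition("/")
    if not (service and host and realm):
        raise ValueError(f"not service/host@REALM: {principal!r}")
    return service, host, realm


def diagnose(requested, registered):
    """Return (closest registered principal, list of components that differ).

    An empty list means the KDC knows the principal. Otherwise the list says
    whether the service, the host instance or the realm is what went wrong.
    Returns None when nothing is registered at all.
    """
    fields = ("service", "host instance", "realm")
    want = split_principal(requested)
    best = None
    for cand in registered:
        have = split_principal(cand)
        diff = [f for f, a, b in zip(fields, want, have) if a != b]
        if best is None or len(diff) < len(best[1]):
            best = (cand, diff)
    return best


if __name__ == "__main__":
    asked = build_principal("host", "login.example.test")
    print(asked, "->", diagnose(asked, KDC_DB))
```

The same comparison can be done by hand: take the principal named in the KDC log entry for the failed request and compare it, component by component, with the principals the site actually registered.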