Problems using Kerberos telnet

Wyllys Ingersoll wyllys at eng.sun.com
Thu Mar 21 11:01:07 EST 2002 

The authentication exchange itself is failing, .k5login doesnt come into
play until after you have already authenticated successfully.

Try turning on the debugging output for options, encryption, and
authentication in the telnet client:

$ telnet -a -x
telnet> set enc
telnet> set opt
telnet> set auth
telnet> set debug
telnet> o <hostname>
...

This will display the exchange of options and show debug output for the
client when trying to connect.

Also, check your KDC log file to see if there is anything useful being
logged by the KDC.

You could also run the server in debug mode as well (telnetd -a debug)

-wyllys


Someone wrote:

>Srinivas Cheruku wrote:
>
>>In the users home directory create a .k5login file with the principal name
>>you are using to login.
>>$more .k5login
>>user at REALM.COM
>>
>>Good Luck
>>
>>-----Original Message-----
>>From: Someone [mailto:please at nospam.net]
>>Sent: Thursday, March 21, 2002 6:30 PM
>>To: kerberos at mit.edu
>>Subject: Re: Problems using Kerberos telnet
>>
>>
>>Marcio d'Avila Scheibler wrote:
>>
>>
>>>>Hello, I am using MIT kerberos v1.2.3 on a Linux machine, I have 
>>>>activated the kerberized telnet daemon in inetd.conf like that:
>>>>
>>>>telnet  stream  tcp     nowait  root    /usr/sbin/tcpd 
>>>>/usr/local/sbin/telnetd -a valid
>>>>
>>>>
>>>>And then I am using the kerberized telnet client to login to my host (to 
>>>>test) but I cannot, see the following output:
>>>>
>>>>
>>>>>telnet localhost
>>>>>
>>>>Trying 127.0.0.1...
>>>>Connected to localhost (127.0.0.1).
>>>>Escape character is '^]'.
>>>>telnetd: No authentication provided.
>>>>Connection closed by foreign host.
>>>>
>>>>Do I need to do anything special ? I have received a ticket from my KDC 
>>>>and that host has a keytab file.
>>>>
>>>>
>>>>
>>>Is it a forwardable ticket (kinit -f) ?
>>>
>>>
>>>
>>
>>No it wasn't so I did a kinit -f and then tryed the following:
>>
>>$./telnet -a localhost
>>Trying 127.0.0.1...
>>Connected to localhost (127.0.0.1).
>>Escape character is '^]'.
>>telnetd: Authorization failed.
>>Connection closed by foreign host.
>>
>>
>>So now I get the error message: authorization failed, what could be the 
>>problem ?
>>
>>Regards
>>
>>________________________________________________
>>Kerberos mailing list           Kerberos at mit.edu
>>http://mailman.mit.edu/mailman/listinfo/kerberos
>>*********************************************************************
>>Disclaimer: The information in this e-mail and any attachments is
>>confidential / privileged. It is intended solely for the addressee or
>>addressees. If you are not the addressee indicated in this message, you may
>>not copy or deliver this message to anyone. In such case, you should destroy
>>this message and kindly notify the sender by reply email. Please advise
>>immediately if you or your employer does not consent to Internet email for
>>messages of this kind.
>>*********************************************************************
>>________________________________________________
>>Kerberos mailing list           Kerberos at mit.edu
>>http://mailman.mit.edu/mailman/listinfo/kerberos
>>
>>
>
>I added my account to my home dir's file .k5login still doesn't work. 
>Any ideas what else it could be ?
>
>Regards
>
>________________________________________________
>Kerberos mailing list           Kerberos at mit.edu
>http://mailman.mit.edu/mailman/listinfo/kerberos
>

More information about the Kerberos mailing list