Odd Kermit Kerberos problem

Jeffrey Altman jaltman at watsun.cc.columbia.edu
Wed May 22 20:54:20 EDT 2002 

In article <acbam1$1k5a$1 at nntp6.u.washington.edu>,
Donn Cave <donn at u.washington.edu> wrote:
: Quoth eravin at panix.com (Ed Ravin):
: | I encountered a very odd problem with Kermit and Kerberized
: | telnet today.  I tried to use kermit to connect to a host:
: |
: |   $ kermit -J serverhost
: |    DNS Lookup...  Trying 192.168.1.23...  Reverse DNS Lookup... (OK)
: |   No credentials found with supported encryption types while authorizing (3).
: |   Authentication failed: No authentication method available
: |
: | This was odd because I had just Kerberized using /usr/bin/telnet to a
: | different host.  I tried serverhost with telnet, it Kerberized without
: | a problem, then tried Kermit again, and it now could Kerberize without
: | a problem.
: |
: | Environment is NetBSD 1.5.2, with MIT libraries and KDC.
: |
: | Any idea what might be going on here?
: 
: No, and I don't want to.  I just want the encryption types
: pain to end.  But if you can repeat this, you might use
: "klist -e" to check up on your credentials before and after
: these steps.
: 
: On NetBSD, /usr/bin/telnet would normally be Heimdal, not MIT.
: These two implementations can use the same krb5.conf, but there
: are differences that happen to be related to encryption types.
: My MIT krb5.conf has these two lines in [libdefs]:
: 
:     default_tkt_enctypes = des-cbc-crc
:     default_tgs_enctypes = des-cbc-crc
: 
: and I added these for the Heimdal applications -
: 
:     default_etypes = des-cbc-crc
:     default_etypes_des = des-cbc-crc
: 
: 	Donn Cave, donn at u.washington.edu

And in Kermit use

  AUTH K5 LIST /ENCRYPT

to see what tickets kermit thinks are available.  Kermit cannot be 
compile against Heimdal so MIT Kerberos must be on this system.


 Jeffrey Altman * Sr.Software Designer      Kermit 95 1.1.21  available now!!!
 The Kermit Project @ Columbia University   SSH plus Telnet, FTP and HTTP
 http://www.kermit-project.org/             secured with Kerberos, SRP, and 
 kermit-support at columbia.edu                OpenSSL.

More information about the Kerberos mailing list