Kerberos5 NAT and kftp

Protima Chhabra pchhabra at bbn.com
Fri Nov 22 11:39:10 EST 2002


Hi,

I have a Kerberos client sitting behind a firewall doing NAT. I have 
patched my client and added the proxy gateway to my configuration file, as 
explained in the document below:
	 http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/firewall.html#proxy

I can get a ticket, get ktelnet to work with an error message, but kftp 
does not work, as shown below. Can someone tell me what it is that I am 
doing wrong?

Thanks
Protima

------------------------------------------------------------------------------------------------------------------------------------------
kclient101% klist
Ticket cache: /tmp/krb5cc_11617
Default principal: user at SUB.KRB.COM

Valid starting     Expires            Service principal
11/14/02 19:06:17  11/15/02 05:06:15  krbtgt/SUB.KRB.COM at SUB.KRB.COM


kclient102% ktelnet opal0-gx.main.KRB.COM
Trying 255.255.255.255...
Connected to opal0-gx.main.KRB.COM (255.255.255.255).
Escape character is '^]'.
[ Kerberos V5 accepts you as ``user at SUB.KRB.COM'' ]
[ Kerberos V5 refuses forwarded credentials because Read forwarded creds failed: Incorrect net address ]
Last login: Thu Nov 14 17:58:26 from 68.156.252.64.snet.net
opal0> exit
opal0> logout
Connection closed by foreign host.

kclient103% kftp opal0-gx.main.KRB.COM
Connected to opal0-gx.main.KRB.COM.
220 opal0 FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: Incorrect channel bindings were supplied
GSSAPI error minor: No error
GSSAPI error: accepting context
GSSAPI ADAT failed
GSSAPI authentication failed
Name (opal0.main.KRB.COM:user):
530 User user access denied: authentication required.
Login failed.
Remote system type is UNKNOWN.
ftp> bye
221 Goodbye.

------------------------------------------------------------------------------------------------------------------------------------------