Problems with kerberized telnetd and telnet

John Hascall john at iastate.edu
Mon Jan 13 16:25:50 EST 2003


First, do:  klist -f
to make sure your TGT has the forwardable flag set,
like this:

% klist -f
Ticket cache: FILE:/var/dss/kerberos/tkt/v5_3e22df980e8a53
Default principal: john at IASTATE.EDU

Valid starting     Expires            Service principal
01/13/03 14:07:19  01/20/03 14:07:19  krbtgt/IASTATE.EDU at IASTATE.EDU
        Flags: FI

    ...K4 tickets omitted here...

then do:

    telnet -axF ebiz.austin.ibm.com

(-a = auth, -x = encrypt) [I doubt you need the -k realm
                           if things are properly setup]

John

> 
> 	I'm using the Debian GNU/Linux version of kerberized telnetd and
> telnet and am trying to do kerberos based telnet logins. The steps I
> follow are (1) kinit (2) telnet -F <telnet server>, but I get a failure.
> Here are the gory details :
> 
> ken at sid:~$ klist
> Ticket cache: FILE:/tmp/krb5cc_1000
> Default principal: y2kmvs at ebiz.austin.ibm.com
> 
> Valid starting     Expires            Service principal
> 01/13/03 13:36:15  01/13/03 23:35:38  krbtgt/ebiz.austin.ibm.com at ebiz.austin.
ibm.com
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt1000
> klist: You have no tickets cached
> 
> ken at sid:~$ telnet -F -k ebiz.austin.ibm.com ebiz.austin.ibm.com
> Trying A.B.C.D...
> Connected to ebiz.austin.ibm.com (A.B.C.D).
> Escape character is '^]'.
> telnetd: No authentication provided.
> Connection closed by foreign host.
> 
> 	An ethereal trace shows the following exchange :
> 
> client --> server
> 	Telnet commands :
> 		Do Encryption Option
> 		Will Encryption Option
> 		Do Suppress Go Ahead
> 		Will Terminal Type
> 		Will Negotiate About Window Size
> 		Will Terminal Speed
> 		Will Remote Flow Control
> 		Will Linemode
> 		Will New Environment Option
> 		Do Status
> 		Will X Display Location
> 
> server --> client
> 	Telnet commands :
> 		Do Authentication Option
> 
> client --> server
> 	Telnet commands :
> 		Wont Authentication Option
> 
> server --> client
> 	Telnet commands :
> 		Will Encryption Option
> 		Do Encryption Option
> 			Send your Encryption Option
> 		Will Suppress Go Ahead
> 		Do Terminal Type
> 		Do Negotiate About Window Size
> 		Do Terminal Speed
> 		Do Remote Flow Control
> 		Dont Linemode
> 		Do New Environment Option
> 		Will Status
> 		Do X Display Location
> 
> server --> client
> 	Telnet commands :
> 		Do Environment Option
> 
> client --> server
> 	Telnet commands :
> 		Encryption Option
> 			Send your Encryption Option
> 		Negotiate About Window Size
> 			Heres my Negotiate About Window Size
> 			Value: i\000F
> 
> client --> server
> 	Telnet commands :
> 		Wont Environment Option
> 
> server --> client
> 	Telnet commands :
> 		Terminal Speed
> 			Send your Terminal Speed
> 		X Display Location
> 			Send your X Display Location
> 		New Environment Option
> 			Send your New Environment Option
> 		Terminal Type
> 			Send your Terminal Type
> 
> client --> server
> 	Telnet commands :
> 		Terminal Speed
> 			Here's my Terminal Speed
> 			Value: 38400,38400
> 		X Display Location
> 			Here's my X Display Location
> 			Value: localhost:10.0
> 		New Environment Option
> 			Here's my New Environment Option
> 			Value: \000DISPLAY\001localhost:10.0
> 		Terminal Type
> 			Here's my Terminal Type
> 			Value: XTERM
> 
> server --> client
> 	Data:
> 		telnetd: No Authentication provided. \r\n
> 
> ....and the server initiates a connection close.
> 
> 	telnetd is being started with a '-a user' option. Is this not the
> right option for Kerberos authentication? Why does the client claim that
> it wont do authentication?
> 
> Thanks,
> Kenneth
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
> 





More information about the Kerberos mailing list