Problems with kerberized telnetd and telnet - progress!
Kenneth Stephen
y2kmvs at ebiz.austin.ibm.com
Tue Jan 14 16:18:34 EST 2003
On Tue, 14 Jan 2003, Ken Hornstein wrote:
>
> >[ Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: Decrypt integrity check failed ]
>
> This means, essentially, "Password incorrect", and that means that the
> password (key) in your keytab doesn't match the one stored in your KDC
> for this principal. You'll have to get them in sync somehow (I don't
> really know that much about DCE to help you).
>
Ken,
Even though I couldnt believe that the password was incorrect (I
had carefully typed in the passwords on the DCE and Kerberos side), I
check my assumptions and found out that you were correct. Here is what I
get now :
ken at sid:~$ kinit y2kmvs at ebiz.austin.ibm.com
Password for y2kmvs at ebiz.austin.ibm.com:
ken at sid:~$ USER=y2kmvs at ebiz.austin.ibm.com telnet -axF -k ebiz.austin.ibm.com ebiz.austin.ibm.com
Trying A.B.C.D.
Connected to ebiz.austin.ibm.com (A.B.C.D).
Escape character is '^]'.
Waiting for encryption to be negotiated...
[ Kerberos V5 accepts you as ``y2kmvs at ebiz.austin.ibm.com'' ]
[ Kerberos V5 accepted forwarded credentials ]
done.
Password for y2kmvs at ebiz.austin.ibm.com:
Login incorrect
login: y2kmvs
Password for y2kmvs:
y2kmvs: Kerberos password incorrect
Kerberos error: Can't send request (send_to_kdc)
Last login: Tue Jan 14 13:46:44 from kenneth.austin.ibm.com
login/v4: Cannot contact any KDC for requested realm converting to V4 credentials
Linux ebiz.austin.ibm.com 2.2.20 #2 Fri Dec 7 18:28:51 CST 2001 i586 unknown
Actually, I wasnt expecting a password prompt at all. Furthermore,
the password that finally worked isnt the DCE/Kerberos password but the
local password for the id y2kmvs. Any ideas as to what gives?
Thanks,
Kenneth
More information about the Kerberos
mailing list