telneting into solaris 8 kerberized telnetd prompts for passwd

Wyllys Ingersoll wyllys.ingersoll at sun.com
Mon Jul 7 14:40:44 EDT 2003 

Check the /etc/pam.conf entries on the Solaris 8 system,
they should have the following 'ktelnet' entries (or something
similar depending on your local authentication policy).

ktelnet auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 acceptor
ktelnet auth required /usr/lib/security/$ISA/pam_unix.so.1


-Wyllys


Peter Himmelfarb (Excell Data Corporation) wrote:
>   
> 
> Synopsis of issue I'm experiencing:
> 
>  
> 
>    a user is prompted for their password when using a kerberized linux
> telnet client
> 
>    to access a kerberized telnet server on a solaris 8 host.
> 
>  
> 
> Test environment:
> 
>  
> 
>    Windows 2003 KDC 
> 
>    (2) Linux hosts running kerberized telnetd
> 
>    (1) solaris 8 host [SEAM 1.0.1 including patches 109223-02, 109805,
> 110060]
> 
>        running kerberized telnetd and kerberized ftpd
> 
>  
> 
> History of successful kerberos interoperability:
> 
>  
> 
> -        user can telnet from linux host to linux host without having to
> enter password
> 
> -        user can ftp from linux host to solaris without having to enter
> password
> 
> -        user can telnet from solaris host linux hosts without having to
> enter password
> 
>  
> 
> Issue:
> 
>  
> 
> -        user can telnet from linux host to solaris telnet server but is
> prompted for their 
> 
> password. Here's output from `telnet -a -x msaum01` [IP's and names
> changed ]
> 
>    
> 
> ./telnet -a -x msaum01
> 
> Trying 10.10.0.10...
> 
> Connected to abc.abc.com (10.10.0.10).
> 
> Escape character is '^]'.
> 
> Waiting for encryption to be negotiated...
> 
> [ Kerberos V5 accepts you as ''bullet at abc.com'' ]
> 
> done.
> 
> Last login: Fri Jun 27 11:47:13 from 10.10.0.10
> 
> Password:
> 
>  
> 
>  
> 
> Excerpt from inetd.conf:
> 
>  
> 
> telnet stream tcp  nowait root /usr/krb5/lib/telnetd telnetd -a user
> 
>  
> 
>  
> 
> 
> 
> ------------------------------------------------------------------------
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

More information about the Kerberos mailing list