kfw & krb5 1.3.1

King Lung Chiu csklc at farrer.hpc.csiro.au
Mon Feb 9 00:12:28 EST 2004


On further testing, I get these errors when trying to renew the ms2mit tgt 
(using 'kinit -R' from both krb5-1.3.1 and kfw 2.5):

 kinit(v5): No credentials found with supported encryption types while
 renewing credentials

and with 'leash32 -r' I get a popup window with errors:

 No credentials found with supported encryption types
 (Kerberos error 200)

 krb5_get_renewed_creds() failed

So I'm guessing ms2mit encrypts its tgt with an algo. not supported by 
krb5-1.3.1? The weird thing is, even leash32 can't renew ms2mit's tgt.

And on checking the file sizes, I get:

 krb5's kinit tgt size: 2286 bytes
 kfw's ms2mit tgt size: 1179 bytes

So any ideas?

thanks again, regards

King Lung Chiu

> Hi,
> 
> I'm testing out kerberised openssh on cygwin with both krb5 1.3.1 and kfw.
> 
> I can use krb5-1.3.1's kinit no problems, and the tgt allows passwordless 
> ssh from cygwin to a linux machine.
> 
> But when I use tgt from kfw's ms2mit, passwordless ssh stops working (ie. 
> it Basks for a password).
> 
> For kfw, I've set krb5.ini so it's the same as krb5.conf from my cygwin 
> krb5 1.3.1 install. Before running ssh, I also set KRB5CCNAME so it points 
> to the correct location (klist shows OK).
> 
> So my problem is tgt from krb5-1.3.1 is OK, but the tgt from ms2mit does 
> not seem to work.
> 
> Any ideas? (please see below for the ssh -vvv output using the ms2mit tgt)
> 
> regards
> 
> King Lung Chiu
> 
> 
> ...
> debug1: Authentications that can continue: 
> publickey,gssapi,password,keyboard-interactive
> debug3: start over, passed a different list 
> publickey,gssapi,password,keyboard-interactive
> debug3: preferred gssapi,publickey,keyboard-interactive,password
> debug3: authmethod_lookup gssapi
> debug3: remaining preferred: publickey,keyboard-interactive,password
> debug3: authmethod_is_enabled gssapi
> debug1: Next authentication method: gssapi
> debug2: we sent a gssapi packet, wait for reply
> debug1: Miscellaneous failure
> No credentials found with supported encryption types
> 
> debug1: Trying to start again
> debug2: we sent a gssapi packet, wait for reply
> debug1: Authentications that can continue: 
> publickey,gssapi,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/chi145/.ssh/identity
> debug3: no such identity: /home/chi145/.ssh/identity
> debug1: Trying private key: /home/chi145/.ssh/id_rsa
> debug3: no such identity: /home/chi145/.ssh/id_rsa
> debug1: Trying private key: /home/chi145/.ssh/id_dsa
> debug3: no such identity: /home/chi145/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug2: input_userauth_info_req
> debug2: input_userauth_info_req: num_prompts 1
> Password: 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 



More information about the Kerberos mailing list