kfw & krb5 1.3.1
King Lung Chiu
csklc at farrer.hpc.csiro.au
Mon Feb 9 00:12:28 EST 2004
On further testing, I get these errors when trying to renew the ms2mit tgt
(using 'kinit -R' from both krb5-1.3.1 and kfw 2.5):
kinit(v5): No credentials found with supported encryption types while
renewing credentials
and with 'leash32 -r' I get a popup window with errors:
No credentials found with supported encryption types
(Kerberos error 200)
krb5_get_renewed_creds() failed
So I'm guessing ms2mit encrypts its tgt with an algo. not supported by
krb5-1.3.1? The weird thing is, even leash32 can't renew ms2mit's tgt.
And on checking the file sizes, I get:
krb5's kinit tgt size: 2286 bytes
kfw's ms2mit tgt size: 1179 bytes
So any ideas?
thanks again, regards
King Lung Chiu
> Hi,
>
> I'm testing out kerberised openssh on cygwin with both krb5 1.3.1 and kfw.
>
> I can use krb5-1.3.1's kinit no problems, and the tgt allows passwordless
> ssh from cygwin to a linux machine.
>
> But when I use tgt from kfw's ms2mit, passwordless ssh stops working (ie.
> it Basks for a password).
>
> For kfw, I've set krb5.ini so it's the same as krb5.conf from my cygwin
> krb5 1.3.1 install. Before running ssh, I also set KRB5CCNAME so it points
> to the correct location (klist shows OK).
>
> So my problem is tgt from krb5-1.3.1 is OK, but the tgt from ms2mit does
> not seem to work.
>
> Any ideas? (please see below for the ssh -vvv output using the ms2mit tgt)
>
> regards
>
> King Lung Chiu
>
>
> ...
> debug1: Authentications that can continue:
> publickey,gssapi,password,keyboard-interactive
> debug3: start over, passed a different list
> publickey,gssapi,password,keyboard-interactive
> debug3: preferred gssapi,publickey,keyboard-interactive,password
> debug3: authmethod_lookup gssapi
> debug3: remaining preferred: publickey,keyboard-interactive,password
> debug3: authmethod_is_enabled gssapi
> debug1: Next authentication method: gssapi
> debug2: we sent a gssapi packet, wait for reply
> debug1: Miscellaneous failure
> No credentials found with supported encryption types
>
> debug1: Trying to start again
> debug2: we sent a gssapi packet, wait for reply
> debug1: Authentications that can continue:
> publickey,gssapi,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/chi145/.ssh/identity
> debug3: no such identity: /home/chi145/.ssh/identity
> debug1: Trying private key: /home/chi145/.ssh/id_rsa
> debug3: no such identity: /home/chi145/.ssh/id_rsa
> debug1: Trying private key: /home/chi145/.ssh/id_dsa
> debug3: no such identity: /home/chi145/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug2: input_userauth_info_req
> debug2: input_userauth_info_req: num_prompts 1
> Password:
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list