Kerberos5 Problems Any Suggestions??
Sam Hartman
hartmans at MIT.EDU
Sun Feb 29 10:02:05 EST 2004
>>>>> "Adusumilli" == Adusumilli Neelima <neelima at students.iiit.net> writes:
Adusumilli> Hi all, I'm new to Kerberos and I'm facing some
Adusumilli> problems after installation which are as follows:
Adusumilli> 1) I installed Kerberos(krb5-1.3.2) from source code,
Adusumilli> and I have seen that aes is also implemented in it. I
Adusumilli> tried to change 'default_tkt_enctypes' and
Adusumilli> 'default_tgs_encrypes' entries in /etc/krb5.conf from
Adusumilli> 'des-cbc-crc' to some other type mentioned in
Adusumilli> krb5-1.3.2/src/lib/crypto/etypes.c . But no other
Adusumilli> encryption method is working (I want to use AES in my
Adusumilli> Kerberos encryption methods). Do I need to make any
Adusumilli> other configuration changes for making AES to work?
First, delete the default_tkt_enctypes and default_tgs_enctypes lines
from krb5.conf.
Add aes256-cts:normal to supported_enctypes in your kdc.conf.
If this is a test realm, run
cpw -randkey krbtgt/REALM@REALM
and then change your own password and generate a new keytab for your host.
Adusumilli> 2) I installed both the server and client in the same
Adusumilli> machine and when I tried to telnet, it connects
Adusumilli> through Kerberos. But later I changed the password for
Adusumilli> my login. Now Kerberos telnet works when I supply
Adusumilli> Kerberos KDC password. When the other password is
Adusumilli> provided, it gets connected through ordinary
Adusumilli> telnet. And then I tried to sniff the packets of
Adusumilli> Kerberos Telnet, they were not encrypted. Encryption
Adusumilli> is not called anywhere except for the functions like
Adusumilli> 'kadmin', etc. How do I enable Encryption for telnet
Adusumilli> or ftp like modules? Or am I not able to understand
Adusumilli> the working of Kerberos itself??
telnet -ax hostname
Use the private command in ftp; I believe ftp -x may also work.
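
A configuration check for the enctype changes described in the reply above, as an added example that is not part of the original post or of the krb5 distribution. The sample file contents, the realm name EXAMPLE.TEST and the function names are constructed for illustration, and the parser handles only plain `key = value` lines.

```python
import re

# Constructed sample files reproducing the DES-only setup described in the thread.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
    default_tkt_enctypes = des-cbc-crc
    default_tgs_enctypes = des-cbc-crc
"""
SAMPLE_KDC_CONF = """\
[realms]
    EXAMPLE.TEST = {
        supported_enctypes = des-cbc-crc:normal des3-hmac-sha1:normal
    }
"""
PINNED = ("default_tkt_enctypes", "default_tgs_enctypes")

def relations(text):
    """Yield (section, key, value) for each 'key = value' line of a krb5 profile."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and not value.strip().startswith("{"):  # skip 'REALM = {' openers
            yield section, key.strip(), value.strip()

def audit(krb5_conf, kdc_conf):
    """Return findings for the two settings the reply says to change."""
    findings = [f"krb5.conf: remove {k} (currently '{v}')"
                for s, k, v in relations(krb5_conf)
                if s == "libdefaults" and k in PINNED]
    supported = [v for _, k, v in relations(kdc_conf) if k == "supported_enctypes"]
    if not supported:
        findings.append("kdc.conf: supported_enctypes not set (built-in default applies)")
    for value in supported:
        # Each entry is 'enctype:salttype'; compare on the enctype part only.
        etypes = [e.split(":")[0] for e in re.split(r"[,\s]+", value) if e]
        if not any(e.startswith("aes256-cts") for e in etypes):
            findings.append("kdc.conf: add aes256-cts:normal to supported_enctypes")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_KRB5_CONF, SAMPLE_KDC_CONF)))
```

A clean result only covers the configuration files; existing principals keep their old keys until they are rekeyed, which is why the reply also calls for the `cpw -randkey` step, a password change and a new keytab.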