service principals in AD fro unix kerberos clients
Ryan Odgers
odgersr at out.co.za
Thu Jan 29 03:46:55 EST 2004
I get the following error when trying to connect with kermit telnet:
key size is not compatible with encryption type
I have set the UNIX kerberos client to use DES-CBC-CRC encryption.
If I look in the Leash ticket manger, after trying to connect to from kermit
to the UNIX host, I have the krbtgt ticket from the AD, as well as the
host/unixhost.domain at DOMAIN ticket.
Version of kerberos on UNIX is HP's version of Kerberos which comes with
11.11
"Jeffrey Altman" <jaltman2 at nyc.rr.com> wrote in message
news:4015332F.5080605 at nyc.rr.com...
> Ryan Odgers wrote:
> > I have AD users corresponding to the services eg. telnet and ftp and
have
> > used ktpass to generate the following principals.
> > telnet/xxx.test.com at TEST.COM
> > ftp/xxx.test.com at TEST.COM
> >
> > I just get lost in how to get a ticket from windows to use that service.
if
> > i am on the unix machine and do a kinit with the service as above, I can
> > authenticate and if I do a klist the ticket is listed. How do I make a
> > kerberos aware client on windows to authenticate using these
credentials?
>
> The client will require access to the TGT for the end user principal.
> Then you need a Kerberos aware Telnet and FTP client application.
> (Kermit 95 will perform both as well as providing Kerberos ticket
> management script functions.)
>
> At that point all you should need to do is connect to the service on the
> Unix host from the Telnet/FTP client. The client software should do the
> rest.
>
> Jeffrey Altman
More information about the Kerberos
mailing list