Why Kerberos named

M.safa Safa114 at hotmail.com
Sat Jun 12 00:48:07 EDT 2004 

Please tell me :
-Why this protocol named Kerberos?
- And how Work??From rmanin at ime.unicamp.br Mon Jun 14 11:57:09 2004
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
	[18.7.7.76])
	by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i5EFv9l1004388
	for <kerberos at PCH.mit.edu>; Mon, 14 Jun 2004 11:57:09 -0400 (EDT)
Received: from corinto.ime.unicamp.br (corinto.ime.unicamp.br
	[143.106.77.101])i5EFv7OC018322
	for <kerberos at mit.edu>; Mon, 14 Jun 2004 11:57:08 -0400 (EDT)
Received: (qmail 16168 invoked by uid 127); 14 Jun 2004 15:57:06 -0000
Received: from rmanin at ime.unicamp.br by corinto.ime.unicamp.br by uid 120 with
	qmail-scanner-1.20rc3 spamassassin: 2.63.  Clear:RC:1:. 
	Processed in 0.023046 secs); 14 Jun 2004 15:57:06 -0000
Received: from larisa.ime.unicamp.br (HELO ime.unicamp.br) (143.106.77.102)
  by corinto.ime.unicamp.br with SMTP; 14 Jun 2004 15:57:06 -0000
Received: from 143.106.77.85
        (SquirrelMail authenticated user rmanin)
        by webmail.ime.unicamp.br with HTTP;
        Mon, 14 Jun 2004 12:57:06 -0300 (BRT)
Message-ID: <1103.143.106.77.85.1087228626.squirrel at webmail.ime.unicamp.br>
Date: Mon, 14 Jun 2004 12:57:06 -0300 (BRT)
From: "Rodolfo Broco Manin" <rmanin at ime.unicamp.br>
To: <kerberos at mit.edu>
X-Priority: 3
Importance: Normal
X-Mailer: SquirrelMail (version 1.2.11)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Subject: Windows XP and Kerberos auth 
X-BeenThere: kerberos at mit.edu
X-Mailman-Version: 2.1
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Help: <mailto:kerberos-request at mit.edu?subject=help>
List-Post: <mailto:kerberos at mit.edu>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=subscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=unsubscribe>
X-List-Received-Date: Mon, 14 Jun 2004 15:57:10 -0000

Hi, all!

I'm configuring a Windows XP Professional workstarion to log on using MIT
Kerberos authentication.  So, I used the Windows 2000 "ksetup.exe" tool to
configure the client's registry and created a local account with the same
name of my test principal.

The "host/xxx" and the user's principals exists at KDC - booth with
"des-cbc-crc:normal" encryption type (i also tryed the default one early).

Problem is: I still having the "Username or password incorrect bla bla
bla..." error at login.

Apparently, the Windows box is getting a ticket.  When I type the correct
password, my KDC logs:

----------------------------
Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): AS_REQ (7 etypes
{23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
etypes {rep=3 tkt# ses#}, guest at IME.UNICAMP.BR for
krbtgt/IME.UNICAMP.BR at IME.UNICAMP.BR
Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): AS_REQ (7 etypes
{23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
etypes {rep=3 tkt# ses#}, guest at IME.UNICAMP.BR for
krbtgt/IME.UNICAMP.BR at IME.UNICAMP.BR
Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): TGS_REQ (7 etypes
{23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
etypes {rep# tkt=1 ses=1}, guest at IME.UNICAMP.BR for
host/damasco.ime.unicamp.br at IME.UNICAMP.BR
Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): TGS_REQ (7 etypes
{23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
etypes {rep# tkt=1 ses=1}, guest at IME.UNICAMP.BR for
host/damasco.ime.unicamp.br at IME.UNICAMP.BR
----------------------------

(if the password is incorrect, the "TGS_REQ" messages don't shows up)

The output of "ksetup" at this windows box looks like:

----------------------------
default realm IME.UNICAMP.BR:
        kdc Mapping all users (*) to a local account by the same name (*).
----------------------------

Using a specific mapping ("guest at IME.UNICAMP.BR" => "guest") results the
same error.

My Linux and Solaris clients logs on this user with no problems at all,
and I can get a ticket issuing "kinit" (from KfW) for this user.

There are some posts about a windows registry's "debug level setting" key
for kerberos ([...]/Lsa/Kerberos/Parameters/LogLevel doesn't work on Windows XP (not at mine).

Some idea??

Tnks in advice!!

[]s!
Rodolfo

More information about the Kerberos mailing list