Kerberos5 Problems Any Suggesstions??
Neelima Adusumilli
neelima at students.iiit.net
Mon Mar 1 02:55:56 EST 2004
Here is a problem again....
On Sun, 29 Feb 2004, Sam Hartman wrote:
> Date: Sun, 29 Feb 2004 10:02:05 -0500
> From: Sam Hartman <hartmans at mit.edu>
> To: Adusumilli Neelima <neelima at students.iiit.net>
> Cc: kerberos at mit.edu
> Subject: Re: Kerberos5 Problems Any Suggesstions??
>
> >>>>> "Adusumilli" == Adusumilli Neelima <neelima at students.iiit.net> writes:
>
> Adusumilli> Hi all, I'm new to Kerberos and I'm facing some
> Adusumilli> problems after installation which are as follows:
>
> Adusumilli> 1) I installed Kerberos(krb5-1.3.2) from source code,
> Adusumilli> and I have seen that aes is also implemented in it. I
> Adusumilli> tried to change 'default_tkt_enctypes' and
> Adusumilli> 'default_tgs_encrypes' entries in /etc/krb5.conf from
> Adusumilli> 'des-cbc-crc' to some other type mentioned in
> Adusumilli> krb5-1.3.2/src/lib/crypto/etypes.c . But no other
> Adusumilli> encryption method is working (I want to use AES in my
> Adusumilli> Kerberos encryption methods). Do I need to make any
> Adusumilli> other configuration changes for making AES to work?
>
> First, delete the default_tkt_enctypes and default_tgs_enctypes lines
> from krb5.conf.
>
> Add aes256-cts:normal to supported_enctypes in your kdc.conf.
>
> If this is a test realm, run
> cpw -randkey krbtgt/REALM@REALM
>
> and then change your own password and generate a new keytab for your host.
>
> Adusumilli> 2) I installed both the server and client in the same
> Adusumilli> machine and when I tried to telnet, it connects
> Adusumilli> through Kerberos. But later I changed the password for
> Adusumilli> my login. Now Kerberos telnet works when I supply
> Adusumilli> Kerberos KDC password. When the other password is
> Adusumilli> provided, it gets connected through ordinary
> Adusumilli> telnet. And then I tried to sniff the packets of
> Adusumilli> Kerberos Telnet, they were not encrypted. Encryption
> Adusumilli> is not called anywhere except for the functions like
> Adusumilli> 'kadmin', etc. How do I enable Encryption for telnet
> Adusumilli> or ftp like modules? Or am I not able to understand
> Adusumilli> the working of Kerberos itself??
>
> telnet -ax hostname
>
> Use the private command in ftp; I believe ftp -x may also work.
>
I tried this option too....but it gave me the following error
Waiting for encryption to be negotiated...
Negotiation of authentication, which is required for encryption,
has failed. Good-bye.
What do I do now??
Neelima
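
The two configuration changes in Sam Hartman's quoted reply (no enctype pins in krb5.conf, aes256-cts in the KDC's supported_enctypes) can be checked with a short script. This is an added example, not part of the original thread or of MIT Kerberos; the function names, the EXAMPLE.TEST realm and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File contents below are constructed samples.

# Print the enctype pins in a krb5.conf (the lines the reply says to delete).
pinned_enctypes() {
    grep -E '^[[:space:]]*default_(tkt|tgs)_enctypes[[:space:]]*=' "$1"
}

# Succeed if supported_enctypes in a kdc.conf offers aes256-cts.
kdc_offers_aes256() {
    grep -E '^[[:space:]]*supported_enctypes[[:space:]]*=' "$1" |
        grep -Eq '[[:space:]=]aes256-cts'
}

# audit KRB5_CONF KDC_CONF: print findings; exit status is the number of findings.
audit() {
    findings=0
    if pinned_enctypes "$1" >/dev/null; then
        echo "$1: delete these enctype pins:"
        pinned_enctypes "$1" | sed 's/^[[:space:]]*/    /'
        findings=$((findings + 1))
    fi
    if ! kdc_offers_aes256 "$2"; then
        echo "$2: supported_enctypes does not list aes256-cts:normal"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Write a constructed "before" and "after" config pair into directory $1.
make_samples() {
    printf '%s\n' '[libdefaults]' '    default_realm = EXAMPLE.TEST' \
        '    default_tkt_enctypes = des-cbc-crc' \
        '    default_tgs_enctypes = des-cbc-crc' > "$1/krb5.before"
    printf '%s\n' '[libdefaults]' '    default_realm = EXAMPLE.TEST' > "$1/krb5.after"
    printf '%s\n' '[realms]' '    EXAMPLE.TEST = {' \
        '        supported_enctypes = des-cbc-crc:normal' '    }' > "$1/kdc.before"
    printf '%s\n' '[realms]' '    EXAMPLE.TEST = {' \
        '        supported_enctypes = aes256-cts:normal des-cbc-crc:normal' \
        '    }' > "$1/kdc.after"
}

demo=$(mktemp -d)
make_samples "$demo"
audit "$demo/krb5.before" "$demo/kdc.before" || echo "findings: $?"
audit "$demo/krb5.after" "$demo/kdc.after" && echo "no findings"
rm -rf "$demo"
```

The script only inspects configuration files; existing principals keep their old keys until they are re-keyed as the reply describes.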