Kerberos5 Problems Any Suggestions??

Neelima Adusumilli neelima at students.iiit.net
Mon Mar 1 02:55:56 EST 2004


Here is a problem again....

On Sun, 29 Feb 2004, Sam Hartman wrote:

> Date: Sun, 29 Feb 2004 10:02:05 -0500
> From: Sam Hartman <hartmans at mit.edu>
> To: Adusumilli Neelima <neelima at students.iiit.net>
> Cc: kerberos at mit.edu
> Subject: Re: Kerberos5 Problems Any Suggestions??
> 
> >>>>> "Adusumilli" == Adusumilli Neelima <neelima at students.iiit.net> writes:
> 
>     Adusumilli> Hi all, I'm new to Kerberos and I'm facing some
>     Adusumilli> problems after installation which are as follows:
> 
>     Adusumilli> 1) I installed Kerberos(krb5-1.3.2) from source code,
>     Adusumilli> and I have seen that aes is also implemented in it. I
>     Adusumilli> tried to change 'default_tkt_enctypes' and
>     Adusumilli> 'default_tgs_enctypes' entries in /etc/krb5.conf from
>     Adusumilli> 'des-cbc-crc' to some other type mentioned in
>     Adusumilli> krb5-1.3.2/src/lib/crypto/etypes.c . But no other
>     Adusumilli> encryption method is working (I want to use AES in my
>     Adusumilli> Kerberos encryption methods). Do I need to make any
>     Adusumilli> other configuration changes for making AES to work?
> 
> First, delete the default_tkt_enctypes and default_tgs_enctypes lines
> from krb5.conf.
> 
> Add aes256-cts:normal to supported_enctypes in your kdc.conf.
> 
> If this is a test realm, run
> cpw -randkey krbtgt/REALM@REALM
> 
> and then change your own password and generate a new keytab for your host.
> 
>     Adusumilli> 2) I installed both the server and client in the same
>     Adusumilli> machine and when I tried to telnet, it connects
>     Adusumilli> through Kerberos. But later I changed the password for
>     Adusumilli> my login. Now Kerberos telnet works when I supply
>     Adusumilli> Kerberos KDC password. When the other password is
>     Adusumilli> provided, it gets connected through ordinary
>     Adusumilli> telnet. And then I tried to sniff the packets of
>     Adusumilli> Kerberos Telnet, they were not encrypted. Encryption
>     Adusumilli> is not called anywhere except for the functions like
>     Adusumilli> 'kadmin', etc. How do I enable Encryption for telnet
>     Adusumilli> or ftp like modules? Or am I not able to understand
>     Adusumilli> the working of Kerberos itself??
> 
> telnet -ax hostname
> 
> Use the private command in ftp; I believe ftp -x may also work.
> 
I tried this option too....but it gave me the following error



	Waiting for encryption to be negotiated...

	Negotiation of authentication, which is required for encryption,
	has failed.  Good-bye.

What do I do now??

Neelima
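
Added example, not part of the original messages: a small Python check for the two configuration edits suggested in the quoted reply (no default_tkt_enctypes / default_tgs_enctypes lines in krb5.conf, and aes256-cts listed in supported_enctypes in kdc.conf). The file contents and the EXAMPLE.COM realm are constructed samples, and the check does not cover the rekeying steps (krbtgt key, user password, host keytab).

```python
import re

# Constructed sample files: "before" mirrors the setup described in the thread,
# "after" applies the reply's advice. EXAMPLE.COM is a placeholder realm.
KRB5_BEFORE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tkt_enctypes = des-cbc-crc
    default_tgs_enctypes = des-cbc-crc
"""
KDC_BEFORE = """\
[realms]
    EXAMPLE.COM = {
        supported_enctypes = des-cbc-crc:normal
    }
"""
KRB5_AFTER = "[libdefaults]\n    default_realm = EXAMPLE.COM\n"
KDC_AFTER = """\
[realms]
    EXAMPLE.COM = {
        supported_enctypes = aes256-cts:normal des-cbc-crc:normal
    }
"""

def settings(text):
    """Yield (key, value) for each 'key = value' line, skipping comments and '{' openers."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[}":
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if sep and value != "{":
            yield key, value

def audit(krb5_conf, kdc_conf):
    """Return a list of findings; an empty list means both edits are in place."""
    findings = []
    for key, value in settings(krb5_conf):
        if key in ("default_tkt_enctypes", "default_tgs_enctypes"):
            findings.append(f"krb5.conf: remove '{key} = {value}'")
    offered = set()
    for key, value in settings(kdc_conf):
        if key == "supported_enctypes":
            # Entries are enctype:salttype pairs separated by spaces or commas.
            offered |= {e.split(":")[0] for e in re.split(r"[\s,]+", value) if e}
    if not offered & {"aes256-cts", "aes256-cts-hmac-sha1-96"}:
        findings.append("kdc.conf: add aes256-cts:normal to supported_enctypes")
    return findings
```

Calling `audit(KRB5_BEFORE, KDC_BEFORE)` lists three findings; `audit(KRB5_AFTER, KDC_AFTER)` returns an empty list.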