kfw-3.0 can't obtain tickets from heimdal kdc 0.7.1(Bad address
Jeffrey Altman
jaltman2 at nyc.rr.com
Sat Dec 17 10:58:23 EST 2005
jay alvarez wrote:
>
> Jeffrey Altman <jaltman2 at nyc.rr.com> wrote:
>> Both of the Heimdal KDCs I have access to work fine but I do
>> not know what version of Heimdal they are using.
> Before, I used to have a heimdal-0.6.x + Leash ticket manager (kfw2.6.5) and it is working fine also.
>> NetIdMgr will not request a ticket using addresses.
> I guess this is true as I cannot find a checkbox or option button anywhere in the NetIDMgr where this can be set.
>> An "incorrect net address" error should mean that the addresses within the ticket do not correspond to any of the addresses listed in
>> the ticket request.
>> Do you have a [libdefaults] entry "noaddresses = false" ?
>> If so, does it make a difference if you change it to "true"?
> "noaddresses = false" only works with Leash and not with NetIDMgr. From Leash, I can obtain tickets when this is set to false but not with NetIDMgr.
Does this statement mean that NetIDMgr will obtain tickets if
"noaddresses = true"?
If so, it would appear the problem is that NetIDMgr may not be properly
requesting no address tickets.
Please open a bug for this at kfw-bugs at mit.edu
> Also, when I use the putty-with-gssapi found at this link:
> http://www.sweb.cz/v_t_m/
> http://www.sweb.cz/v_t_m/putty/PuTTY-0.58-GSSAPI-2005-07-24.zip
>
> using tickets obtained by Leash on a heimdal 0.7.1 kdc
>
> I get an error in the sshd debugging window saying:
>
> "encryption type 18 not supported"
>
> Is this the ticket encryption type or the ssh encryption type?
Type 18 is AES256. You can check this by looking at the properties
dialog for the service ticket in NetIdMgr or at the enctype list in
Leash. The Kerberos used to build sshd may not support AES256 and
yet AES256 is in the list of keys associated with the principal in
your Kerberos Database.
Jeffrey Altman