Connecting to client fails

Nick Bernstein nbernstein at frontbridge.com
Wed Mar 23 14:08:24 EST 2005 

I've got MIT kerberos setup and working on my kdc (kerberos.mydomain.com)
and I can run sserver kerberos.frontbridge.com 90 and sclient
kerberos.frontbridge.com 90 on kerberos.frontbridge.com. Also, I can do the
same from my test client machine (kc.mydomain.com). However, dispite adding
a host/kc.frontbridge.com at FRONTBRIDGE.COM principal and adding a keytab
entry for the same, as well as for
sample/kc.frontbridge.com at FRONTBRIDGE.COM, I can't seem to authenticate when
connecting from kerberos.mydomain.com -> kc.mydomain.com, and get the
following error message (using telnet -a for verbosity):

===snip===
[ Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: No
such file opre directory ] 
[ Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: No
such file opre directory ]
Password for root: Error while reading password for 'root'
Login incorrect
login:  
telnet> quit
==========

When I use sserver/sclient, I get the following: 

==snip==
sendauth rejected, error reply is:
	" No such file or directory"
========


OS: RedHat Enterprise Linux v3
Kerberos Version: 5, 1.2.7-19 (shipps w/ redhat)
Misc. information: 

Klist: 
---------------------------------------
Ticket cache: FILE: /tmp/krb5cc_0
Default principal: root at FRONTBRIDGE.COM

Valid starting: 		Expires:		Service principal
3/23/05 13:35:42		3/23/05 23:35:41
krbtgt/FRONTBRIDGE.COM at FRONTBRIDGE.COM
3/23/05 13:36:02		3/23/05 23:35:41
host/kc.frontbridge.com at FRONTBRIDGE.COM
3/23/05 13:45:47		3/23/05 23:35:41
sample/kc.frontbridge.com at FRONTBRIDGE.COM

Kerberos 4 ticket cache: /tmp/tkt0
Klist: You have no tickets cached

kadmin.local listprincs: 
-----------------------------------------------------------
kadmin.local:  listprincs
K/M at FRONTBRIDGE.COM
host/kc.frontbridge.com at FRONTBRIDGE.COM
host/kerberos.frontbridge.com at FRONTBRIDGE.COM
kadmin/admin at FRONTBRIDGE.COM
kadmin/changepw at FRONTBRIDGE.COM
kadmin/history at FRONTBRIDGE.COM 
kadmin/kerberos.frontbridge.com at FRONTBRIDGE.COM
krbtgt/FRONTBRIDGE.COM at FRONTBRIDGE.COM
nick/admin at frontbridge.com
nick at FRONTBRIDGE.COM
root/admin at frontbridge.com
root at FRONTBRIDGE.COM
sample/kc.frontbridge.com at FRONTBRIDGE.COM
sample/kerberos.frontbridge.com at FRONTBRIDGE.COM
ssh/kerberos.frontbridge.com at FRONTBRIDGE.COM
kadmin.local:

To review: 
----------------------------------------------
The connection: 
kerberos.frontbridge.com -> kerberos.frontbridge.com: WORKS
kerberos.frontbridge.com -> kc.frontbridge.com: 	FAILS
kc.frontbridge.com -> kerberos.frontbridge.com: 	WORKS
kc.frontbridge.com -> kc.frontbridge.com: 		FAILS

I'd appreciate any help you can give me in this, I've been trying to find
that specific error in google archives and all the usual places and can't
seem to come up with anything. This is the first time I've setup kerberos,
so I may be just missing one of the steps (probably) I need to do in order
to get the host working right. I'd output my keytab, but I'm not really sure
there is a way to do that. 

Thanks for the help,
Nick,.



FrontBridge introduces Message Archive and Secure Email. Get leading Enterprise Message Security services from FrontBridge. www.frontbridge.com.

More information about the Kerberos mailing list