d
Victor Sudakov
vas at mpeks.no-spam-here.tomsk.su
Thu Jan 12 06:01:04 EST 2006
Colleagues,
I am running heimdal-0.6.3 on a FreeBSD 4.9-RELEASE system. Kerberized
FTP logins from other systems fail with the following error:
ftpd[51877]: <--- 220 admin.sibptus.tomsk.ru FTP server (Version 6.00+Heimdal 0.6.3) ready.^M -
ftpd[51877]: command: AUTH GSSAPI
ftpd[51877]: <--- 334 Send authorization data.^M -
ftpd[51877]: command: ADAT YIICNwYJKo [deleted]
ftpd[51877]: gss_accept_sec_context: Decrypt integrity check failed
ftpd[51877]: <--- 431 Security resource unavailable^M -
The kerberized telnet to the same host works perfectly (both
authenticates and encrypts), so I assume the server keytab file is OK:
# ktutil list
FILE:/etc/krb5.keytab:
Vno Type Principal
2 des-cbc-crc host/admin.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU
2 des-cbc-md4 host/admin.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU
2 des-cbc-md5 host/admin.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU
2 des3-cbc-sha1 host/admin.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU
krb4:/etc/srvtab:
Vno Type Principal
2 des-cbc-md5 host/admin.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU
2 des-cbc-md4 host/admin.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU
2 des-cbc-crc host/admin.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU
What can be causing the problem?
Thanks in advance for any input.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Kerberos
mailing list