Need help with ms2mit.exe

Pat Connolly Connolly_Patrick at bah.com
Thu Jul 13 15:44:56 EDT 2006 

Jeff,

klist -e on windows has "ArcFour with HMAC/md5"
klist -e in cygwin has "AES-128 CTS mode with 96-bit SHA-1 HMAC"

I have kerberos 1.3.3 installed. I got the cygwin package from
http://www-clued0.fnal.gov/~axel/files/. What is the easiest way to fix
this?

Thanks
Pat


Jeffrey Altman wrote:
> "klist -e"
>
> I bet the Kerberos implementation you are using in cygwin does not have
> support for the enctypes used by Microsoft.  RC4-HMAC
>
> Jeffrey Altman
>
>
> Pat Connolly wrote:
> > Jeff, Thanks, That worked. When I had tried the -c option I did not put
> > the FILE: in front of the path.
> >
> > I am now running into an other problem. If I open a cygwin xterm window
> > and run kinit, I get the ticket. I am then able to ssh to any of the
> > servers with out being asked for a password. But when I run ms2mit and
> > then try to ssh, I am asked for a password. If I run klist I see a
> > valid ticket. It looks the same as the ticket I get after running
> > kinit. In the kdc.log on the kdc server, I get an error stating:
> > "<unknown client> for host/FQDN at REALM, No mathcing key in entry" The
> > other think that I have noticed when I do a klist is that after I do a
> > kinit and then ssh, the server I went to is in my ticket cache. But
> > after I run ms2mit and then ssh, the server is not added.
> >
> > Thanks
> > Pat
> >
> >
> > Jeffrey Altman wrote:
> >> Cygwin can only use file based ccaches.  You need to store the TGT
> >> into a file ccache.
> >>
> >>   ms2mit.exe -c FILE:<pathname>
> >>
> >> Then you have to specify the default ccache name in your cygwin
> >> environment.
> >>
> >> Jeffrey Altman
> >>
> >>
> >> Pat Connolly wrote:
> >>> Hello,
> >>>
> >>> I have installed kfw-3.0 on my XP workstation It authenticates against
> >>> the KDC with no problems. Klist shows the ticket in the MSLSA cache.
> >>>
> >>> On my workstation, I also have cygwin installed with krb5 and kerberos
> >>> enabled ssh. Once I run kinit, my ssh works fine.
> >>>
> >>> I am now trying to get the Windows tickets to be dumped to the krb5
> >>> file cache using ms2mit so that I do not need to enter my password a
> >>> second time. When I run ms2mit from the command line I get the prompt
> >>> back with no errors but the krb5 cache is not populated. Any ideas
> >>> where I went wrong?
> >>>
> >>> Thanks
> >>> Pat
> >

More information about the Kerberos mailing list