Need help with ms2mit.exe

Jeffrey Altman jaltman2 at nyc.rr.com
Thu Jul 13 23:04:00 EDT 2006


What does klist in cygwin show after you ms2mit?  That is the important
question.  If you are not seeing the TGT, then you are not placing the
ticket into the correct file.

Jeffrey Altman


Pat Connolly wrote:
> Jeff,
> 
> klist -e on windows has "ArcFour with HMAC/md5"
> klist -e in cygwin has "AES-128 CTS mode with 96-bit SHA-1 HMAC"
> 
> I have kerberos 1.3.3 installed. I got the cygwin package from
> http://www-clued0.fnal.gov/~axel/files/. What is the easiest way to fix
> this?
> 
> Thanks
> Pat
> 
> 
> Jeffrey Altman wrote:
>> "klist -e"
>>
>> I bet the Kerberos implementation you are using in cygwin does not have
>> support for the enctypes used by Microsoft.  RC4-HMAC
>>
>> Jeffrey Altman
>>
>>
>> Pat Connolly wrote:
>>> Jeff, Thanks, That worked. When I had tried the -c option I did not put
>>> the FILE: in front of the path.
>>>
>>> I am now running into an other problem. If I open a cygwin xterm window
>>> and run kinit, I get the ticket. I am then able to ssh to any of the
>>> servers with out being asked for a password. But when I run ms2mit and
>>> then try to ssh, I am asked for a password. If I run klist I see a
>>> valid ticket. It looks the same as the ticket I get after running
>>> kinit. In the kdc.log on the kdc server, I get an error stating:
>>> "<unknown client> for host/FQDN at REALM, No mathcing key in entry" The
>>> other think that I have noticed when I do a klist is that after I do a
>>> kinit and then ssh, the server I went to is in my ticket cache. But
>>> after I run ms2mit and then ssh, the server is not added.
>>>
>>> Thanks
>>> Pat
>>>
>>>
>>> Jeffrey Altman wrote:
>>>> Cygwin can only use file based ccaches.  You need to store the TGT
>>>> into a file ccache.
>>>>
>>>>   ms2mit.exe -c FILE:<pathname>
>>>>
>>>> Then you have to specify the default ccache name in your cygwin
>>>> environment.
>>>>
>>>> Jeffrey Altman
>>>>
>>>>
>>>> Pat Connolly wrote:
>>>>> Hello,
>>>>>
>>>>> I have installed kfw-3.0 on my XP workstation It authenticates against
>>>>> the KDC with no problems. Klist shows the ticket in the MSLSA cache.
>>>>>
>>>>> On my workstation, I also have cygwin installed with krb5 and kerberos
>>>>> enabled ssh. Once I run kinit, my ssh works fine.
>>>>>
>>>>> I am now trying to get the Windows tickets to be dumped to the krb5
>>>>> file cache using ms2mit so that I do not need to enter my password a
>>>>> second time. When I run ms2mit from the command line I get the prompt
>>>>> back with no errors but the krb5 cache is not populated. Any ideas
>>>>> where I went wrong?
>>>>>
>>>>> Thanks
>>>>> Pat
> 



More information about the Kerberos mailing list