Need help with ms2mit.exe

Pat Connolly Connolly_Patrick at bah.com
Fri Jul 14 08:19:46 EDT 2006


Jeff,

The AES-128 encryption in cygwin is before I do the ms2mit. Once I run
the ms2mit the outputs from the two klists show the ArcFour encryption.

Thanks,
Pat

Jeffrey Altman wrote:
> What does klist in cygwin show after you ms2mit?  That is the important
> question.  If you are not seeing the TGT, then you are not placing the
> ticket into the correct file.
>
> Jeffrey Altman
>
>
> Pat Connolly wrote:
> > Jeff,
> >
> > klist -e on windows has "ArcFour with HMAC/md5"
> > klist -e in cygwin has "AES-128 CTS mode with 96-bit SHA-1 HMAC"
> >
> > I have kerberos 1.3.3 installed. I got the cygwin package from
> > http://www-clued0.fnal.gov/~axel/files/. What is the easiest way to fix
> > this?
> >
> > Thanks
> > Pat
> >
> >
> > Jeffrey Altman wrote:
> >> "klist -e"
> >>
> >> I bet the Kerberos implementation you are using in cygwin does not have
> >> support for the enctypes used by Microsoft.  RC4-HMAC
> >>
> >> Jeffrey Altman
> >>
> >>
> >> Pat Connolly wrote:
> >>> Jeff, Thanks, That worked. When I had tried the -c option I did not put
> >>> the FILE: in front of the path.
> >>>
> >>> I am now running into another problem. If I open a cygwin xterm window
> >>> and run kinit, I get the ticket. I am then able to ssh to any of the
> >>> servers without being asked for a password. But when I run ms2mit and
> >>> then try to ssh, I am asked for a password. If I run klist I see a
> >>> valid ticket. It looks the same as the ticket I get after running
> >>> kinit. In the kdc.log on the kdc server, I get an error stating:
> >>> "<unknown client> for host/FQDN at REALM, No matching key in entry" The
> >>> other thing that I have noticed when I do a klist is that after I do a
> >>> kinit and then ssh, the server I went to is in my ticket cache. But
> >>> after I run ms2mit and then ssh, the server is not added.
> >>>
> >>> Thanks
> >>> Pat
> >>>
> >>>
> >>> Jeffrey Altman wrote:
> >>>> Cygwin can only use file based ccaches.  You need to store the TGT
> >>>> into a file ccache.
> >>>>
> >>>>   ms2mit.exe -c FILE:<pathname>
> >>>>
> >>>> Then you have to specify the default ccache name in your cygwin
> >>>> environment.
> >>>>
> >>>> Jeffrey Altman
> >>>>
> >>>>
> >>>> Pat Connolly wrote:
> >>>>> Hello,
> >>>>>
> >>>>> I have installed kfw-3.0 on my XP workstation. It authenticates against
> >>>>> the KDC with no problems. Klist shows the ticket in the MSLSA cache.
> >>>>>
> >>>>> On my workstation, I also have cygwin installed with krb5 and kerberos
> >>>>> enabled ssh. Once I run kinit, my ssh works fine.
> >>>>>
> >>>>> I am now trying to get the Windows tickets to be dumped to the krb5
> >>>>> file cache using ms2mit so that I do not need to enter my password a
> >>>>> second time. When I run ms2mit from the command line I get the prompt
> >>>>> back with no errors but the krb5 cache is not populated. Any ideas
> >>>>> where I went wrong?
> >>>>>
> >>>>> Thanks
> >>>>> Pat
> >
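
Added example, not part of the original thread: a shell function that reads `klist -e` output and flags tickets whose session-key or ticket enctype is outside a caller-supplied list, the comparison the thread makes by eye. The sample klist output, the EXAMPLE.COM realm, the cache path and the allow list are constructed assumptions; the two enctype strings are the ones quoted in the thread.

```shell
#!/bin/sh
# check_etypes ALLOWED  (reads `klist -e` text on stdin)
# ALLOWED: '|'-separated enctype names exactly as klist prints them.
# Prints one line per ticket: "<OK|MISMATCH> <service> skey=[..] tkt=[..]"
check_etypes() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, "|"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Ticket line (assumed layout): start date/time, expiry date/time, service.
        NF >= 5 && $NF ~ /@/ { svc = $NF; next }
        # Etype line printed under each ticket when -e is given.
        /Etype \(skey, tkt\):/ {
            sub(/^.*Etype \(skey, tkt\): */, "")
            sub(/[ \t\r]+$/, "")
            split($0, e, /, */)
            state = ((e[1] in ok) && (e[2] in ok)) ? "OK" : "MISMATCH"
            printf "%s %s skey=[%s] tkt=[%s]\n", state, svc, e[1], e[2]
        }
    '
}

# Assumption: the enctypes the local (cygwin) Kerberos build can use.
ALLOWED_ASSUMED='AES-128 CTS mode with 96-bit SHA-1 HMAC'

# Constructed sample: file ccache as it might look after ms2mit.
sample_after_ms2mit() {
    cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_example
Default principal: user@EXAMPLE.COM

Valid starting     Expires            Service principal
07/14/06 08:00:00  07/14/06 18:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
EOF
}

# Constructed sample: the same cache as it might look after kinit in cygwin.
sample_after_kinit() {
    cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_example
Default principal: user@EXAMPLE.COM

Valid starting     Expires            Service principal
07/14/06 08:00:00  07/14/06 18:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    Etype (skey, tkt): AES-128 CTS mode with 96-bit SHA-1 HMAC, AES-128 CTS mode with 96-bit SHA-1 HMAC
EOF
}
```

On a real system the input would come from `klist -e` itself, piped into `check_etypes` with the list of enctypes the local build is known to support.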



