Problem with Kerberos Service

Luca Petrini luke_pet at yahoo.it
Wed Feb 7 10:25:35 EST 2007


Hello, I'm an Italian user and my name is Luca.

I'm working with Kerberos on my Ubuntu 6.10.
 
 I have installed the krb5 packages and configured the kdc.conf and krb5.conf files. The files are configured to test the authentication on my local machine.
 
 Now I am trying to activate a kerberized service like telnet, but I have a problem.
 
 So I've executed these steps:
 
 1) Configure the /etc/hosts file:
 127.0.1.1 laptop
 192.168.182.254 kdc.epiluke.it admin.epiluke.it lukesky.epiluke.it
 127.0.0.1 localhost localhost.localdomain
 
 and I have configured the /etc/hostname file with this name "lukesky.epiluke.it"
 
 2) Configure krb5.conf file:
 
 [libdefaults]
  default_realm = EPILUKE.IT
 .
 .
 [realms]
  EPILUKE.IT = {
   kdc = kdc.epiluke.it:88
   admin_server = admin.epiluke.it:749
  }
 .
 .
 [domain_realm]
  .epiluke.it = EPILUKE.IT
  epiluke.it = EPILUKE.IT
 .
 .
 
 3) Configure kdc.conf file:
 
 [kdcdefaults]
     kdc_ports = 750,88
 
 [realms]
     EPILUKE.IT = {
         database_name = /var/lib/krb5kdc/principal
         admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
         acl_file = /etc/krb5kdc/kadm5.acl
         key_stash_file = /etc/krb5kdc/stash
  
         kadmin_port = 749
 
         max_life = 10h 0m 0s
         max_renewable_life = 7d 0h 0m 0s
         master_key_type = des3-hmac-sha1
         supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
         default_principal_flags = +preauth
     }
 
 4) Then I have created a db:
 $/usr/sbin/kdb5_util create -r EPILUKE.IT -s
 
 5) I have created in the /etc/krb5kdc directory a new ACL file (kadm5.acl) with these rules:
 
 */admin@EPILUKE.IT *
 */*@EPILUKE.IT  i
 
 6) I have executed kadmin.local:
 >addpol -maxlife "180 days" -minlength 8 -minclasses 3 -history 3 user
 >addpol -maxlife "90 days" -minlength 10 -minclasses 3 -history 6 admin
 >addprinc -policy admin +requires_preauth krbadm/admin
 >addprinc -policy user pippo
 >ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
 
 7) I have started the server
 
 $/etc/init.d/krb5-kdc restart
 $/etc/init.d/krb5-admin-server restart
 
Then I have tested the servers:
 
 $kadmin -p krbadm/admin -> OK
 $kinit pippo -> OK
 
 Now I would like to configure the kerberized telnet service, but it doesn't work; there is something wrong.
 
 9) From kadmin I have defined:
 
 >addprinc host/lukesky.epiluke.it@EPILUKE.iT
 >ktadd -k /etc/krb5.keytab host/lukesky.epiluke.it@EPILUKE.IT (??? I'm not sure that it's correct)
 
 10) I created a new file in the /etc/xinet.d/ directory named telnet:
 
 service telnet
 {
  socket_type = stream
  wait  = no
  nice  = 10
  user  = root
  server  = /usr/sbin/telnetd
  server_args = -h
 }
 
 11) I have restarted services
 
 $ /etc/init.d/xinetd restart
 
 Well, at this point I executed this command from the shell:
 
 $telnet -l pippo lukesky.epiluke.it
 
 but the results are:
 Trying 192.168.182.254...
 Connected to admin.epiluke.it (192.168.182.254).
 Escape character is '^]'.
 Password for pippo: 
 Login incorrect
 
 If I enter the password, the system doesn't recognize the credentials (which do work with the kinit command) and I can't get into the telnet service.
 
 Why? 
 
 What can I do?
 
 Can you help me? I'm going crazy!
 
 Thanks.
 		