Problem with Kerberos Service
Luca Petrini
luke_pet at yahoo.it
Wed Feb 7 10:25:35 EST 2007
Hello, I'm italian user and my name is Luca.
I'm working with Kerberos on my Ubuntu 6.10.
I have installed the krb5 packages and configurated the kdc.conf and krb5.conf files. The files are configurate to test the authentication on my local machine.
Now I am trying to active some kerberized service like telnet but I have some problem.
So I've exec thi steps:
1) Configure the /etc/hosts file:
127.0.1.1 laptop
192.168.182.254 kdc.epiluke.it admin.epiluke.it lukesky.epiluke.it
127.0.0.1 localhost localhost.localdomain
and I have configured the /etc/hostname file with this name "lukesky.epiluke.it"
2) Configure krb5.conf file:
[libdefaults]
default_realm = EPILUKE.IT
.
.
[realms]
EPILUKE.IT = {
kdc = kdc.epiluke.it:88
admin_server = admin.epiluke.it:749
}
.
.
[domain_realm]
.epiluke.it = EPILUKE.IT
epiluke.it = EPILUKE.IT
.
.
3) Configure kdc.conf file:
[kdcdefaults]
kdc_ports = 750,88
[realms]
EPILUKE.IT = {
database_name = /var/lib/krb5kdc/principal
admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
key_stash_file = /etc/krb5kdc/stash
kadmin_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm desnlyrealm des:afs3
default_principal_flags = +preauth
}
4) Then I have created a db:
$/usr/sbin/kdb5_util create -r EPILUKE.IT -s
5) I have created on /etc/krb5kdc directory a new ACL file (kadm5.acl) with this rules:
*/admin at EPILUKE.IT *
*/*@EPILUKE.IT i
6) I have execute kadmin.local:
>addpol -maxlife "180 days" -minlength 8 -minclasses 3 -history 3 user
>addpol -maxlife "90 days" -minlength 10 -minclasses 3 -history 6 admin
>addprinc -policy admin +requires_preauth krbadm/admin
>addprinc -policy user pippo
>ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
7) I have started the server
$/etc/init.d/krb5-kdc restart
$/etc/init.d/krb5-admin-server restart
Then I have tested the servers:
$kadmin -p krbadm/admin -> OK
$kinit pippo -> OK
Now I would configure kerberized telnet service but it doesn't work; there is something wrong.
9) From kadmin I have defined:
>addprinc host/lukesky.epiluke.it at EPILUKE.iT
>ktadd -k /etc/krb5.keytab host/lukesky.epiluke.it at EPILUKE.IT (??? I'm not sure that it's correct)
10) I create a new file in /etc/xinet.d/ directory named telnet:
service telnet
{
socket_type = stream
wait = no
nice = 10
user = root
server = /usr/sbin/telnetd
server_args = -h
}
11) I have restarted services
$ /etc/init.d/xinetd restart
Well, at this point I have exec by shell this command:
$telnet -l pippo lukesky.epiluke.it
but the results are:
Trying 192.168.182.254...
Connected to admin.epiluke.it (192.168.182.254).
Escape character is '^]'.
Password for pippo:
Login incorrect
if I insert the password the system don't identify the credentials (that instead work on kinit command) and I can't entry on telnet service.
Why?
What can I do?
Can you help me? I'm crazying!
Thanks.
---------------------------------
Vinci i biglietti per FIFA World Cup in Germania!
More information about the Kerberos
mailing list