Problem with Kerberos Service

Christopher D. Clausen cclausen at acm.org
Thu Feb 8 03:26:13 EST 2007


Luca Petrini <luke_pet at yahoo.it> wrote:
> Hello, I'm an Italian user and my name is Luca.
>
> I'm working with Kerberos on my Ubuntu 6.10.
>
> 1) Configure the /etc/hosts file:
> 127.0.1.1 laptop
> 192.168.182.254 kdc.epiluke.it admin.epiluke.it lukesky.epiluke.it
> 127.0.0.1 localhost localhost.localdomain
>
> and I have configured the /etc/hostname file with this name
> "lukesky.epiluke.it"


Change the 192.168 line in your /etc/hosts file to:
192.168.182.254 lukesky.epiluke.it

> 2) Configure krb5.conf file:
>
> [realms]
>  EPILUKE.IT = {
>   kdc = kdc.epiluke.it:88
>   admin_server = admin.epiluke.it:749
>  }

For now, just use "lukesky.epiluke.it" for both kdc and admin_server. 
Once you get things working you can try setting up DNS aliases.

> Now I would configure kerberized telnet service but it doesn't work;
> there is something wrong.
>
> 9) From kadmin I have defined:
>
>> addprinc host/lukesky.epiluke.it at EPILUKE.iT
>> ktadd -k /etc/krb5.keytab host/lukesky.epiluke.it at EPILUKE.IT (???
>> I'm not sure that it's correct)


What does klist -kte (as root) show?

Can you kinit -kt host/lukesky.epiluke.it at EPILUKE.IT on this machine?

> Well, at this point I have executed this command from the shell:
>
> $telnet -l pippo lukesky.epiluke.it

What does kinit show before you run the above command?

And try using:
kinit pippo
telnet -a -l pippo lukesky.epiluke.it

> but the results are:
> Trying 192.168.182.254...
> Connected to admin.epiluke.it (192.168.182.254).
> Escape character is '^]'.
> Password for pippo:
> Login incorrect

If ktelnet is working correctly (and I assume you do indeed want to use 
ktelnet) you should not be prompted for a password.  It should forward 
your Kerberos credentials to the telnetd server.

gcs# kinit
Password for cclausen at ILLIGAL.UIUC.EDU:
gcs# telnet -a -l cclausen gcs.illigal.uiuc.edu
Trying 128.174.193.202...
Connected to gcs.illigal.uiuc.edu (128.174.193.202).
Escape character is '^]'.
[ Kerberos V5 accepts you as ``cclausen at ILLIGAL.UIUC.EDU'' ]
Last login: Wed Dec 13 14:03:28 from ial.illigal.uiuc.edu
Linux gcs 2.6.15-27-686 #1 SMP PREEMPT Fri Dec 8 18:00:07 UTC 2006 i686 GNU/Linux
gcs%
gcs% exit
Connection closed by foreign host.
gcs# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: cclausen at ILLIGAL.UIUC.EDU
Valid starting     Expires            Service principal
02/08/07 02:20:37  02/08/07 12:20:37  krbtgt/ILLIGAL.UIUC.EDU at ILLIGAL.UIUC.EDU
        renew until 02/09/07 02:20:34
02/08/07 02:21:01  02/08/07 12:20:37  host/gcs.illigal.uiuc.edu at ILLIGAL.UIUC.EDU
        renew until 02/09/07 02:20:34

See the lack of any password prompt?

<<CDC 
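
Added example, not part of the original message and not code from either poster: an offline check of why the /etc/hosts change above matters for the host principal. It assumes the resolver treats the first name on a hosts line as the canonical name and that the Kerberos client builds host/<canonical name>@REALM from it; the "after" hosts file and the keytab entries are constructed sample data.

```python
# Constructed inputs: the hosts file quoted in the thread, and the same file
# with the 192.168 line reduced to the single name suggested in the reply.
HOSTS_BEFORE = """\
127.0.1.1 laptop
192.168.182.254 kdc.epiluke.it admin.epiluke.it lukesky.epiluke.it
127.0.0.1 localhost localhost.localdomain
"""
HOSTS_AFTER = """\
127.0.1.1 laptop
192.168.182.254 lukesky.epiluke.it
127.0.0.1 localhost localhost.localdomain
"""


def parse_hosts(text):
    """Return (address, [names]) entries, skipping comments and blank lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((fields[0], [n.lower() for n in fields[1:]]))
    return entries


def canonical_name(hosts_text, name):
    """Assumption: the first name on the matching line is the canonical one."""
    name = name.lower()
    for _addr, names in parse_hosts(hosts_text):
        if name in names:
            return names[0]
    return None


def expected_host_principal(hosts_text, name, realm):
    """Principal a client would request for `name` under the assumption above."""
    canon = canonical_name(hosts_text, name)
    return None if canon is None else f"host/{canon}@{realm}"


def keytab_matches(hosts_text, name, realm, keytab_principals):
    """True if the requested principal is in the keytab (realm is case-sensitive)."""
    want = expected_host_principal(hosts_text, name, realm)
    return want is not None and want in keytab_principals


if __name__ == "__main__":
    keytab = ["host/lukesky.epiluke.it@EPILUKE.IT"]  # constructed klist -k entry
    for label, hosts in (("before", HOSTS_BEFORE), ("after", HOSTS_AFTER)):
        want = expected_host_principal(hosts, "lukesky.epiluke.it", "EPILUKE.IT")
        ok = keytab_matches(hosts, "lukesky.epiluke.it", "EPILUKE.IT", keytab)
        print(f"{label}: client requests {want}; present in keytab: {ok}")
```

On a live machine, compare the principal this reports against the entries shown by klist -kte.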




