Problem with Kerberos Service
Christopher D. Clausen
cclausen at acm.org
Thu Feb 8 03:26:13 EST 2007
Luca Petrini <luke_pet at yahoo.it> wrote:
> Hello, I'm an Italian user and my name is Luca.
>
> I'm working with Kerberos on my Ubuntu 6.10.
>
> 1) Configure the /etc/hosts file:
> 127.0.1.1 laptop
> 192.168.182.254 kdc.epiluke.it admin.epiluke.it lukesky.epiluke.it
> 127.0.0.1 localhost localhost.localdomain
>
> and I have configured the /etc/hostname file with this name
> "lukesky.epiluke.it"
Change the 192.168 line in your /etc/hosts file to:
192.168.182.254 lukesky.epiluke.it
> 2) Configure krb5.conf file:
>
> [realms]
> EPILUKE.IT = {
> kdc = kdc.epiluke.it:88
> admin_server = admin.epiluke.it:749
> }
For now, just use "lukesky.epiluke.it" for both kdc and admin_server.
Once you get things working you can try setting up DNS aliases.
> Now I would like to configure the kerberized telnet service, but it doesn't work;
> there is something wrong.
>
> 9) From kadmin I have defined:
>
>> addprinc host/lukesky.epiluke.it@EPILUKE.iT
>> ktadd -k /etc/krb5.keytab host/lukesky.epiluke.it@EPILUKE.IT (???
>> I'm not sure that it's correct)
What does klist -kte (as root) show?
Can you kinit -kt host/lukesky.epiluke.it@EPILUKE.IT on this machine?
> Well, at this point I have executed this command from the shell:
>
> $telnet -l pippo lukesky.epiluke.it
What does kinit show before you run the above command?
And try using:
kinit pippo
telnet -a -l pippo lukesky.epiluke.it
> but the results are:
> Trying 192.168.182.254...
> Connected to admin.epiluke.it (192.168.182.254).
> Escape character is '^]'.
> Password for pippo:
> Login incorrect
If ktelnet is working correctly (and I assume you do indeed want to use
ktelnet) you should not be prompted for a password. It should forward
your Kerberos credentials to the telnetd server.
gcs# kinit
Password for cclausen@ILLIGAL.UIUC.EDU:
gcs# telnet -a -l cclausen gcs.illigal.uiuc.edu
Trying 128.174.193.202...
Connected to gcs.illigal.uiuc.edu (128.174.193.202).
Escape character is '^]'.
[ Kerberos V5 accepts you as ``cclausen@ILLIGAL.UIUC.EDU'' ]
Last login: Wed Dec 13 14:03:28 from ial.illigal.uiuc.edu
Linux gcs 2.6.15-27-686 #1 SMP PREEMPT Fri Dec 8 18:00:07 UTC 2006 i686 GNU/Linux
gcs%
gcs% exit
Connection closed by foreign host.
gcs# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: cclausen@ILLIGAL.UIUC.EDU

Valid starting     Expires            Service principal
02/08/07 02:20:37  02/08/07 12:20:37  krbtgt/ILLIGAL.UIUC.EDU@ILLIGAL.UIUC.EDU
        renew until 02/09/07 02:20:34
02/08/07 02:21:01  02/08/07 12:20:37  host/gcs.illigal.uiuc.edu@ILLIGAL.UIUC.EDU
        renew until 02/09/07 02:20:34
See the lack of any password prompt?
<<CDC
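
Added example (not part of the original message or of any Kerberos distribution): a sketch of why the /etc/hosts change suggested above matters for the keytab. It assumes the files-based resolver rule that the first name on the matching hosts line is the canonical name, and that the client requests host/<canonical name>@REALM; the function names and the keytab listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data: the two /etc/hosts variants discussed in the thread.
HOSTS_BEFORE='127.0.1.1 laptop
192.168.182.254 kdc.epiluke.it admin.epiluke.it lukesky.epiluke.it
127.0.0.1 localhost localhost.localdomain'
HOSTS_AFTER='127.0.1.1 laptop
192.168.182.254 lukesky.epiluke.it
127.0.0.1 localhost localhost.localdomain'
# Constructed stand-in for the principal column of `klist -k` output.
KEYTAB_PRINCIPALS='host/lukesky.epiluke.it@EPILUKE.IT'

# canon_name HOSTS_TEXT NAME
# Models the files-based resolver (assumption): the first line that lists
# NAME wins, and the first hostname on that line (field 2) is canonical.
canon_name() {
    printf '%s\n' "$1" | awk -v want="$2" '
        { sub(/#.*/, "") }              # drop trailing comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print tolower($2); exit }
        }'
}

# host_principal HOSTS_TEXT NAME REALM
# Builds the service principal a client would ask the KDC for.
host_principal() {
    c=$(canon_name "$1" "$2")
    [ -n "$c" ] || return 1
    printf 'host/%s@%s\n' "$c" "$3"
}

# check_keytab HOSTS_TEXT NAME REALM PRINCIPAL_LIST
# Prints a verdict; returns 0 only on an exact, case-sensitive match.
check_keytab() {
    p=$(host_principal "$1" "$2" "$3") || { echo "UNRESOLVED $2"; return 2; }
    if printf '%s\n' "$4" | grep -Fxq "$p"; then
        echo "OK $p"
    else
        echo "MISSING $p"
        return 1
    fi
}

# Original hosts file: the canonical name is kdc.epiluke.it, which has no key.
check_keytab "$HOSTS_BEFORE" lukesky.epiluke.it EPILUKE.IT "$KEYTAB_PRINCIPALS" || true
# Hosts file after the suggested change: the name matches the keytab entry.
check_keytab "$HOSTS_AFTER" lukesky.epiluke.it EPILUKE.IT "$KEYTAB_PRINCIPALS"
```

On a real host, the principal list would come from the klist -k output for /etc/krb5.keytab rather than the constructed string.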