Problem with Kerberos Service

Thu Feb 8 08:32:36 EST 2007

So, 
> What does klist -kte (as root) show?

lukesky at lukesky:~$ sudo klist -kte
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- -----------------
--------------------------------------------------------
   2 02/08/07 14:13:52 host/lukesky.epiluke.it at EPILUKE.IT (Triple DES cbc
mode with HMAC/sha1) 
   2 02/08/07 14:13:52 host/lukesky.epiluke.it at EPILUKE.IT (DES cbc mode with
CRC-32) 

If I exec this commad I have this.

>Can you kinit -kt host/lukesky.epiluke.it at EPILUKE.IT on this machine?

lukesky at lukesky:~$ kinit -kt host/lukesky.epiluke.it at EPILUKE.IT
kinit(v5): Client not found in Kerberos database while getting initial
credentials

and If I exec kinit and telnet I have:

lukesky at lukesky:~$ kinit pippo
Password for pippo at EPILUKE.IT: 
lukesky at lukesky:~$ telnet -a -l pippo lukesky.epiluke.it
Trying 192.168.182.121...
Connected to admin.epiluke.it (192.168.182.121).
Escape character is '^]'.
Password for pippo: 
Login incorrect

why? what mean?

--------------------------------------------------------------------------------

Christopher D. Clausen wrote:
> 
> Luca Petrini <luke_pet at yahoo.it> wrote:
>> Hello, I'm italian user and my name is Luca.
>>
>> I'm working with Kerberos on my Ubuntu 6.10.
>>
>> 1) Configure the /etc/hosts file:
>> 127.0.1.1 laptop
>> 192.168.182.254 kdc.epiluke.it admin.epiluke.it lukesky.epiluke.it
>> 127.0.0.1 localhost localhost.localdomain
>>
>> and I have configured the /etc/hostname file with this name
>> "lukesky.epiluke.it"
> 
> 
> Change the 192.168 line in your /etc/hosts file to:
> 192.168.182.254 lukesky.epiluke.it
> 
>> 2) Configure krb5.conf file:
>>
>> [realms]
>>  EPILUKE.IT = {
>>   kdc = kdc.epiluke.it:88
>>   admin_server = admin.epiluke.it:749
>>  }
> 
> For now, just use "lukesky.epiluke.it" for both kdc and admin_server. 
> Once you get things working you can try setting up DNS aliases.
> 
>> Now I would configure kerberized telnet service but it doesn't work;
>> there is something wrong.
>>
>> 9) From kadmin I have defined:
>>
>>> addprinc host/lukesky.epiluke.it at EPILUKE.iT
>>> ktadd -k /etc/krb5.keytab host/lukesky.epiluke.it at EPILUKE.IT (???
>>> I'm not sure that it's correct)
> 
> 
> What does klist -kte (as root) show?
> 
> Can you kinit -kt host/lukesky.epiluke.it at EPILUKE.IT on this machine?
> 
>> Well, at this point I have exec by shell this command:
>>
>> $telnet -l pippo lukesky.epiluke.it
> 
> What does kinit show before you run the above command?
> 
> And try using:
> kinit pippo
> telnet -a -l pippo lukesky.epiluke.it
> 
>> but the results are:
>> Trying 192.168.182.254...
>> Connected to admin.epiluke.it (192.168.182.254).
>> Escape character is '^]'.
>> Password for pippo:
>> Login incorrect
> 
> If ktelnet is working correctly (and I assume you do indeed want to use 
> ktelnet) you should not be prompted for a password.  It should forward 
> your Kerberos credentials to the telnetd server.
> 
> gcs# kinit
> Password for cclausen at ILLIGAL.UIUC.EDU:
> gcs# telnet -a -l cclausen gcs.illigal.uiuc.edu
> Trying 128.174.193.202...
> Connected to gcs.illigal.uiuc.edu (128.174.193.202).
> Escape character is '^]'.
> [ Kerberos V5 accepts you as ``cclausen at ILLIGAL.UIUC.EDU'' ]
> Last login: Wed Dec 13 14:03:28 from ial.illigal.uiuc.edu
> Linux gcs 2.6.15-27-686 #1 SMP PREEMPT Fri Dec 8 18:00:07 UTC 2006 i686 
> GNU/Linux
> gcs%
> gcs% exit
> Connection closed by foreign host.
> gcs# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: cclausen at ILLIGAL.UIUC.EDU
> Valid starting     Expires            Service principal
> 02/08/07 02:20:37  02/08/07 12:20:37 
> krbtgt/ILLIGAL.UIUC.EDU at ILLIGAL.UIUC.EDU
>         renew until 02/09/07 02:20:34
> 02/08/07 02:21:01  02/08/07 12:20:37 
> host/gcs.illigal.uiuc.edu at ILLIGAL.UIUC.EDU
>         renew until 02/09/07 02:20:34
> 
> See the lack of any password prompt?
> 
> <<CDC 
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 
View this message in context: http://www.nabble.com/Problem-with-Kerberos-Service-tf3189386.html#a8865301
Sent from the Kerberos - General mailing list archive at Nabble.com.