Problem with Kerberos Service

Jeffrey Altman jaltman at secure-endpoints.com
Sun Feb 18 10:20:09 EST 2007


Christopher D. Clausen wrote:
> LukePet <luke_pet at yahoo.it> wrote:
>> Ok and about telnet...waht can you tell me?
>>
>> "lukesky at lukesky:~$ kinit pippo
>> Password for pippo at EPILUKE.IT:
>> lukesky at lukesky:~$ telnet -a -l pippo lukesky.epiluke.it
>> Trying 192.168.182.185...
>> Connected to lukesky.epiluke.it (192.168.182.185).
>> Escape character is '^]'.
>> [ Kerberos V5 accepts you as ``pippo at EPILUKE.IT'' ]
>> Password for pippo:
>> Login incorrect
>>
>> It seems that somethig is change...what mean [ Kerberos V5 accepts
>> you as ``pippo at EPILUKE.IT'' ]????
>>
>> why does it ask "Password for pippo: "??? what have I to insert? "
>
> I don't know why it asks for a password.  The "Kerberos accepts you as" 
> message should indicate that telnetd has received forwarded Kerberos 
> credentials from your telnet client.
>
The Kerberos v5 accepts you message only indicates that Kerberos
authentication
has succeeded.  It does not indicate whether or not there actually
exists a local
account 'pippo' on the machine, or whether the Kerberos principal
'pippo at EPILUKE.IT'
maps to that account.

Nor does the accepts message indicate anything about forwarded
credentials.  If
credentials were forwarded you would see a "remote machine has accepted
forwarded
credentials" message.

The above telnet session is not using mutual authentication.   That
would be indicated
by a "remove machine has been mutually authenticated" message and if
there was
encryption you would be seeing "output is now encrypted" and "input is
now decrypted"
messages.

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20070218/a35793e1/attachment.bin


More information about the Kerberos mailing list