[krbdev.mit.edu #2298] Help!

"antonelladicristofaro@katamail.com" via RT rt-comment at krbdev.mit.edu
Fri Feb 27 09:37:56 EST 2004


HELLO!
CAN YOU HELP ME? I HAVE A "LITTLE" PROBLEM WITH KERBEROS V5!!
MY CONFIGURATION FILES ARE:

	*****kdc.conf****

[kdcdefaults]
	kdc_ports = 749, 88

[realms]
	MYREALM.IT= {
		dict_file = /usr/share/dict/words
		database_name = /var/kerberos/krb5kdc/principal
		admin_keytab = FILE:/var/kerberos/krb5kdc/kadm5.keytab
		acl_file = /var/kerberos/krb5kdc/kadm5.acl
		key_stash_file = /var/kerberos/krb5kdc/.k5.MYREALM.IT
		max_life = 10h 0m 0s
		max_renewable_life = 7d 0h 0m 0s
		master_key_type = des-cbc-crc
		supported_enctypes = des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:v4 des-cbc-crc:afs3
	}

[logging]
	kdc = FILE:/var/kerberos/krb5kdc/kdc.log
	admin_server = FILE:/var/kerberos/krb5kdc/kadmin.log



	*****krb5.conf****

[logging]
	default = FILE:/var/log/krb5libs.log
	kdc = FILE:/var/log/krb5kdc.log
	admin_server = FILE:/var/log/kadmind.log

[libdefaults]
	default_realm = MYREALM
	default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
	default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
	ticket_lifetime = 36000
	dns_lookup_realm = false
	dns_lookup_kdc = false
	noaddresses = false

[realms]
	MYREALM= {
		kdc = host.domain.myrealm.it:88
		admin_server = host.domain.myrealm.it:749
		default_domain = myrealm.it
	}

[domain_realm]
	.it = MYREALM.IT
	it = MYREALM.IT
	host.domain.myrealm.it = MYREALM.IT
	host.domain.myrealm = MYREALM.IT
	host.domain = MYREALM.IT
	host = MYREALM.IT
	
[kdc]
	profile = /var/kerberos/krb5kdc/kdc.conf

[pam]
	debug = true
	ticket_lifetime = 36000
	renew_lifetime = 36000
	forwardable = true
	krb4_convert = false

[appdefaults]
	kinit = {
		forwardable = true
	}
	telnet = {
		forward = true
		encrypt = true
		autologin = true
	}

THE DAEMONS START CORRECTLY.
THE LOG FILE (ON THE KDC) SHOWS THAT BOTH THE TICKET-GRANTING TICKET AND THE HOST TICKET ARE GENERATED; IN FACT:

	****Krb5kdc.log****

setting up network...
listening on fd 7: A.B.C.D port 749
listening on fd 8: A.B.C.D port 88
set up 2 sockets
commencing operation

AS_REQ A.B.C.D(88): ISSUE: authtime 1077875078, anto78/admin@MYREALM.IT for krbtgt/MYREALM.IT @MYREALM.IT

TGS_REQ A.B.C.D(88): ISSUE: authtime 1077875078, anto78/admin@MYREALM.IT for host/host.domain.myrealm.it@MYREALM.IT


I HAVE AN ERROR MESSAGE ON THE CLIENT:
I GET A FORWARDABLE TICKET WITH

      kinit -f

BUT WHEN I TRY TO TELNET WITH

      telnet -a -x -f host.domain.myrealm.it

I READ THE FOLLOWING:

Trying A.B.C.D....
Connected to host.domain.myrealm.it (A.B.C.D).
Escape character is '^]'.

Waiting for encryption to be negotiated.

[Kerberos v5 refuses authentication because telnetd: krb5_rd_req failed: key version number for principal in key table is incorrect]

[Kerberos v5 refuses authentication because telnetd: krb5_rd_req failed: key version number for principal in key table is incorrect]

[Kerberos v5 refuses authentication because telnetd: krb5_rd_req failed: key version number for principal in key table is incorrect]

Authentication negotiation has failed, which is 
required for encryption. Good Bye.


PLEASE, HELP ME!
I HAVE CHECKED THE KEY VERSION NUMBER WITH:

     klist -ke

AND EVERY PRINCIPAL HAS A KEY NUMBER, BUT I HAVEN'T UNDERSTOOD WHETHER IT IS A RANDOM NUMBER OR A SPECIFIC NUMBER, AND I DON'T KNOW HOW TO RESOLVE THE PROBLEM!

THANKS, Antonella.
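
The telnetd error quoted above is reported when the key version number (kvno) on the service ticket issued by the KDC has no matching entry in the host's keytab; the kvno is a counter that increases each time the principal's key is changed, not a random value. The script below is an added example, not part of the original post, that compares the two from the output of `klist -ke` and `kvno`. The sample outputs are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `klist -ke` output on the telnet server (not from the post).
SAMPLE_KEYTAB='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------
   3 host/host.domain.myrealm.it@MYREALM.IT (des3-cbc-sha1)
   3 host/host.domain.myrealm.it@MYREALM.IT (des-cbc-crc)
   2 host/other.myrealm.it@MYREALM.IT (des-cbc-crc)'

# Constructed sample of `kvno host/host.domain.myrealm.it` output on the client.
SAMPLE_KVNO='host/host.domain.myrealm.it@MYREALM.IT: kvno = 4'

# Print the distinct kvnos that the keytab listing ($1) holds for principal $2.
keytab_kvnos() {
    printf '%s\n' "$1" |
        awk -v p="$2" '$1 ~ /^[0-9]+$/ && $2 == p { print $1 }' | sort -un
}

# Print the kvno found in `kvno` output ($1): the version the KDC issues tickets under.
kdc_kvno() {
    printf '%s\n' "$1" | sed -n 's/^.*: kvno = \([0-9][0-9]*\)$/\1/p' | head -n 1
}

# check_kvno KEYTAB_LISTING KVNO_OUTPUT PRINCIPAL
# Returns 0 if the keytab holds the key version the KDC uses, 1 if not,
# 2 if the kvno output could not be parsed.
check_kvno() {
    want=$(kdc_kvno "$2")
    have=$(keytab_kvnos "$1" "$3")
    if [ -z "$want" ]; then
        echo "no kvno found in kvno output"
        return 2
    fi
    for k in $have; do
        if [ "$k" = "$want" ]; then
            echo "OK: keytab has kvno $want for $3"
            return 0
        fi
    done
    echo "MISMATCH: KDC uses kvno $want, keytab has ${have:-none} for $3"
    return 1
}

# Against a live system the inputs would be "$(klist -ke)" and "$(kvno PRINCIPAL)".
check_kvno "$SAMPLE_KEYTAB" "$SAMPLE_KVNO" \
    host/host.domain.myrealm.it@MYREALM.IT || true
```

A mismatch means the keytab on the server was extracted before the principal's key was last changed, so the keytab entry has to be regenerated from the current key.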




