MIT Kerberos and TN5250

Erez Pasternak Erez.Pasternak at ericom.co.il
Wed Jul 7 03:34:04 EDT 2004 

Hi Sam,

Thanks for the quick response
 
The erroneous behavior is that I fail to connect with Kerberos to AS/400.
When I tried to investigate I saw that IBM in TN5250 uses Kerberos in a different way.

What I saw in IBM is:
1. Request (TGS-REQ) for krbtgt , instance  ERICOM.CO.IL ( Forwordable, Renewable, Canonicalize , Renewable OK)
2. Replay (TGS-REP) service krbtgt  ,instance ERICOM.CO.IL
3. Request (TGS-REQ) for service krbsvr400 , instance kerb400.ericom.co.il (Forwordable, Renewable)
4. Replay (TGS-REP) service krbsvr400 , instance kerb400.ericom.co.il   
5. Request (TGS-REQ) for service krbtgt , instance ERICOM.CO.IL ( Forwordable, Forward , Renewable , Canonicalize , Renewable OK)
6. Replay (TGS-REP) for service krbtgt , instance ERICOM.CO.IL

What I saw in Telnet with MIT Kerberos
1. Request (TGS-REQ) for service krbtgt , instance ERICOM.CO.IL (Forwordable, Renewable ,Canonicalize , Renewable OK )
2. Replay (TGS-REP) for service krbtgt , instance ERICOM.CO.IL
3. Request (TGS-REQ) for service krbsvr400 , instance ERICOM.CO.IL (Forwordable, Renewable)
4. Replay (TGS-REP) service krbsvr400 , instance ERICOM.CO.IL
5. Request (TGS-REQ) for service and host krbsvr400 , kerb400.ericom.co.il (Forwordable, Renewable)
6. Replay (TGS-REP) for service and host krbsvr400 , kerb400.ericom.co.il

As you can see the 1,2 steps are the same (probably because windows ask for this)
What is the different when using ERICOM.CO.IL or kerb400.ericom.co.il ?

Best Regards,
Erez Pasternak
Ericom Software

-----Original Message-----
From: Sam Hartman [mailto:hartmans at mit.edu]
Sent: Tuesday, July 06, 2004 10:00 PM
To: Erez Pasternak
Cc: krbcore at mit.edu; krbdev at mit.edu
Subject: Re: MIT Kerberos and TN5250


>>>>> "Erez" == Erez Pasternak <Erez.Pasternak at ericom.co.il> writes:

    Erez> Hi MIT developers, We are using MIT Kerberos to provide
    Erez> Kerberos support for Terminal Emulation.  When connecting
    Erez> with AS/400 (iseries) in TN5250 protocol we saw that AS/400
    Erez> uses a flag name "canonicalize" when asking for a TGT.  I
    Erez> see in the source code that this flag is missing (
    Erez> TKT_FLG_RESERVED 0x00010000 ) Is there any ways to make this
    Erez> work?

You failed to explain what is actually failing or not working.


What erronious behavior do you see?  Is some request failing?  If so,
how/why?

More information about the krbdev mailing list