From: "antonelladicristofaro@katamail.com"
To: krb5-bugs@mit.edu
Subject: Help!
Date: Fri, 27 Feb 2004 14:35:08 +0000
Message-Id: <138.132.54.4+HyhXmf4YgQ8rs59y8lF@all-1.inet.it>

HELLO! CAN YOU HELP ME? I HAVE A "LITTLE" PROBLEM WITH KERBEROS V5!!

MY CONFIGURATION FILES ARE:

*****kdc.conf****

[kdcdefaults]
 kdc_ports = 749, 88

[realms]
 MYREALM.IT= {
  dict_file = /usr/share/dict/words
  database_name = /var/kerberos/krb5kdc/principal
  admin_keytab = FILE:/var/kerberos/krb5kdc/kadm5.keytab
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  key_stash_file = /var/kerberos/krb5kdc/.k5.MYREALM.IT
  max_life = 10h 0m 0s
  max_renewable_life = 7d 0h 0m 0s
  master_key_type = des-cbc-crc
  supported_enctypes = des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:v4 des-cbc-crc:afs3
 }

[logging]
 kdc = FILE:/var/kerberos/krb5kdc/kdc.log
 admin_server = FILE:/var/kerberos/krb5kdc/kadmin.log

*****krb5.conf****

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = MYREALM
 default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
 ticket_lifetime = 36000
 dns_lookup_realm = false
 dns_lookup_kdc = false
 noaddresses = false

[realms]
 MYREALM= {
  kdc = host.domain.myrealm.it:88
  admin_server = host.domain.myrealm.it:749
  default_domain = myrealm.it
 }

[domain_realm]
 .it = MYREALM.IT
 it = MYREALM.IT
 host.domain.myrealm.it = MYREALM.IT
 host.domain.myrealm=MYREALM.IT
 host.domain= MYREALM.IT
 host= MYREALM.IT

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[pam]
 debug = true
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false

[appdefaults]
 kinit = {
  forwardable = true
 }
 telnet = {
  forward = true
  encrypt = true
  autologin = true
 }

THE DAEMONS START CORRECTLY. THE LOG FILE (ON THE KDC) SHOWS THAT BOTH THE TICKET-GRANTING TICKET AND THE HOST TICKET ARE GENERATED, IN FACT:

****Krb5kdc.log****

setting up network...
listening on fd 7: A.B.C.D port 749
listening on fd 8: A.B.C.D port 88
set up 2 sockets
commencing operation
AS_REQ A.B.C.D(88): ISSUE: authtime 1077875078, anto78/admin@MYREALM.IT for krbtgt/MYREALM.IT @MYREALM.IT
TGS_REQ A.B.C.D(88): ISSUE: authtime 1077875078, anto78/admin@MYREALM.IT for host/host.domain.myrealm.it@MYREALM.IT

I HAVE AN ERROR MESSAGE ON THE CLIENT: I GET A FORWARDABLE TICKET WITH

kinit -f

BUT WHEN I TRY TO TELNET WITH

telnet -a -x -f host.domain.myrealm.it

I READ THE FOLLOWING:

Trying A.B.C.D....
Connected to host.domain.myrealm.it (A.B.C.D).
Escape character is '^]'.
Waiting for encryption to be negotiated.
[Kerberos v5 refuses authentication because telnetd: krb5_rd_req failed: key version number for principal in key table is incorrect]
[Kerberos v5 refuses authentication because telnetd: krb5_rd_req failed: key version number for principal in key table is incorrect]
[Kerberos v5 refuses authentication because telnetd: krb5_rd_req failed: key version number for principal in key table is incorrect]
Authentication negotiation has failed, which is required for encryption. Good Bye.

PLEASE, HELP ME!

I HAVE CHECKED THE KEY VERSION NUMBER WITH:

klist -ke

AND EVERY PRINCIPAL HAS A KEY NUMBER, BUT I HAVEN'T UNDERSTOOD WHETHER IT IS A RANDOM NUMBER OR A SPECIFIC NUMBER, AND I DON'T KNOW HOW TO RESOLVE THE PROBLEM!

THANKS,
Antonella.
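
The check below is an added example, not part of the original message or of MIT krb5. The krb5_rd_req error above is raised when the service ticket is encrypted under a key version (kvno) that the server's keytab does not hold, so the script compares the kvnos listed by `klist -k` on the server with the kvno that the `kvno` utility reports for the same principal on a client. The sample outputs are constructed, and the assumption is that they follow the usual MIT output layout.

```python
import re

# Constructed sample: `klist -ke` output for the telnet server's keytab.
SAMPLE_KLIST_K = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/host.domain.myrealm.it@MYREALM.IT (des-cbc-crc)
   3 host/host.domain.myrealm.it@MYREALM.IT (des3-cbc-sha1)
"""

# Constructed sample: output of `kvno host/host.domain.myrealm.it` on a client
# that already holds a TGT; this is the key version the KDC currently uses.
SAMPLE_KVNO = "host/host.domain.myrealm.it@MYREALM.IT: kvno = 4\n"


def keytab_kvnos(klist_text):
    """Map each principal to the set of kvnos present in the keytab listing."""
    entries = {}
    for line in klist_text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S+@\S+)", line)
        if m:
            entries.setdefault(m.group(2), set()).add(int(m.group(1)))
    return entries


def kdc_kvnos(kvno_text):
    """Map each principal to the kvno of the ticket the KDC issued for it."""
    issued = {}
    for line in kvno_text.splitlines():
        m = re.match(r"(\S+@\S+): kvno = (\d+)\s*$", line)
        if m:
            issued[m.group(1)] = int(m.group(2))
    return issued


def find_mismatches(klist_text, kvno_text):
    """Return (principal, kdc_kvno, keytab_kvnos) where the keytab lacks the KDC's kvno."""
    keytab = keytab_kvnos(klist_text)
    problems = []
    for principal, kdc_kvno in sorted(kdc_kvnos(kvno_text).items()):
        have = keytab.get(principal, set())
        if kdc_kvno not in have:
            problems.append((principal, kdc_kvno, sorted(have)))
    return problems


if __name__ == "__main__":
    for principal, kdc_kvno, have in find_mismatches(SAMPLE_KLIST_K, SAMPLE_KVNO):
        print(f"{principal}: KDC uses kvno {kdc_kvno}, keytab holds {have or 'no key'}")
```

A reported mismatch means the keytab was extracted before the principal's key was last changed; the kvno is a counter the KDC increments on each key change, not a random value.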