From: "antonelladicristofaro@katamail.com" <antonelladicristofaro@katamail.com>
To: krb5-bugs@mit.edu
Subject: Help!
Date: Fri, 27 Feb 2004 14:35:08 +0000
HELLO!
CAN YOU HELP ME? I HAVE A "LITTLE" PROBLEM WITH KERBEROS V5!!
MY CONFIGURATION FILES ARE:
*****kdc.conf****
[kdcdefaults]
kdc_ports = 749, 88
[realms]
MYREALM.IT= {
dict_file = /usr/share/dict/words
database_name = /var/kerberos/krb5kdc/principal
admin_keytab = FILE:/var/kerberos/krb5kdc/kadm5.keytab
acl_file = /var/kerberos/krb5kdc/kadm5.acl
key_stash_file = /var/kerberos/krb5kdc/.k5.MYREALM.IT
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des-cbc-crc
supported_enctypes = des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
[logging]
kdc = FILE:/var/kerberos/krb5kdc/kdc.log
admin_server = FILE:/var/kerberos/krb5kdc/kadmin.log
*****krb5.conf****
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MYREALM
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
ticket_lifetime = 36000
dns_lookup_realm = false
dns_lookup_kdc = false
noaddresses = false
[realms]
MYREALM= {
kdc = host.domain.myrealm.it:88
admin_server = host.domain.myrealm.it:749
default_domain = myrealm.it
}
[domain_realm]
.it = MYREALM.IT
it = MYREALM.IT
host.domain.myrealm.it = MYREALM.IT
host.domain.myrealm=MYREALM.IT
host.domain= MYREALM.IT
host= MYREALM.IT
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[pam]
debug = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
[appdefaults]
kinit = {
forwardable = true
}
telnet = {
forward = true
encrypt = true
autologin = true
}
THE DAEMONS START CORRECTLY.
THE LOG FILE (ON KDC) SHOWS THAT BOTH THE TICKET-GRANTING TICKET AND THE HOST TICKET ARE GENERATED, IN FACT:
****Krb5kdc.log****
setting up network...
listening on fd 7: A.B.C.D port 749
listening on fd 8: A.B.C.D port 88
set up 2 sockets
commencing operation
AS_REQ A.B.C.D(88): ISSUE: authtime 1077875078, anto78/admin@MYREALM.IT for krbtgt/MYREALM.IT @MYREALM.IT
TGS_REQ A.B.C.D(88): ISSUE: authtime 1077875078, anto78/admin@MYREALM.IT for host/host.domain.myrealm.it@MYREALM.IT
I HAVE AN ERROR MESSAGE ON THE CLIENT:
I GET A FORWARDABLE TICKET WITH
kinit -f
BUT WHEN I TRY TO TELNET WITH
telnet -a -x -f host.domain.myrealm.it
I READ THE FOLLOWING:
Trying A.B.C.D....
Connected to host.domain.myrealm.it (A.B.C.D).
Escape character is '^]'.
Waiting for encryption to be negotiated.
[Kerberos v5 refuses authentication because telnetd: krb5_rd_req failed: key version number for principal in key table is incorrect]
[Kerberos v5 refuses authentication because telnetd: krb5_rd_req failed: key version number for principal in key table is incorrect]
[Kerberos v5 refuses authentication because telnetd: krb5_rd_req failed: key version number for principal in key table is incorrect]
Authentication negotiation has failed, which is
required for encryption. Good Bye.
PLEASE, HELP ME!
I HAVE CHECKED THE KEY VERSION NUMBER WITH:
klist -ke
AND EVERY PRINCIPAL HAS A KEY NUMBER, BUT I HAVEN'T UNDERSTOOD IF IT IS A RANDOM NUMBER OR A SPECIFIC NUMBER, AND I DON'T KNOW HOW TO RESOLVE THE PROBLEM!
THANKS, Antonella.
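
Added example (not part of the original message): krb5_rd_req reports this error when the key version number (kvno) carried in the service ticket has no matching entry in the server's keytab. The kvno is a counter that the KDC increments each time the principal's key changes. The sketch below compares `klist -ke` output from the server with `kvno` output from the client; both sample outputs and all function names are constructed for illustration.

```python
import re

# Constructed sample of `klist -ke` output from the telnet server's keytab
# (illustrative values, not taken from the original message).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------
   3 host/host.domain.myrealm.it@MYREALM.IT (des-cbc-crc)
   3 host/host.domain.myrealm.it@MYREALM.IT (des3-cbc-sha1)
"""
# Constructed sample of `kvno host/host.domain.myrealm.it` run on the client.
SAMPLE_KVNO = "host/host.domain.myrealm.it@MYREALM.IT: kvno = 4\n"

KLIST_ROW = re.compile(r"^\s*(\d+)\s+(\S+@\S+)(?:\s+\(([^)]*)\))?\s*$")
KVNO_ROW = re.compile(r"^(\S+@\S+): kvno = (\d+)\s*$")

def parse_keytab(text):
    """Return {principal: {kvno: [enctype, ...]}} from `klist -ke` output."""
    table = {}
    for line in text.splitlines():
        m = KLIST_ROW.match(line)
        if m:
            kvno, princ, etype = int(m.group(1)), m.group(2), m.group(3)
            table.setdefault(princ, {}).setdefault(kvno, []).append(etype)
    return table

def parse_kvno(text):
    """Return {principal: kvno} from `kvno` output (what the KDC issues)."""
    return {m.group(1): int(m.group(2))
            for m in map(KVNO_ROW.match, text.splitlines()) if m}

def compare(klist_text, kvno_text):
    """Classify each principal: ok, kvno mismatch, or missing from keytab."""
    keytab = parse_keytab(klist_text)
    results = []
    for princ, kdc_kvno in parse_kvno(kvno_text).items():
        have = sorted(keytab.get(princ, {}))
        if not have:
            status = "missing from keytab"
        elif kdc_kvno not in have:
            status = "kvno mismatch"
        else:
            status = "ok"
        results.append((princ, kdc_kvno, have, status))
    return results

if __name__ == "__main__":
    for princ, kdc_kvno, have, status in compare(SAMPLE_KLIST, SAMPLE_KVNO):
        print(f"{princ}: KDC kvno={kdc_kvno} keytab kvnos={have} -> {status}")
```

A "kvno mismatch" result means the keytab was extracted before the key was last changed, so the keytab entry has to be regenerated on the server and the client has to discard cached tickets and obtain new ones.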