Date: | Mon, 19 Dec 2005 17:15:58 -0800 (PST) |
From: | jay alvarez <kerber0sb0y@yahoo.com> |
Subject: | noaddress ticket error |
To: | kfw-bugs@mit.edu |
jay alvarez wrote:
>
> Jeffrey Altman <jaltman2@nyc.rr.com> wrote: Both of the Heimdal KDCs
I have access to work fine but I do
> not know what version of Heimdal they are using.
> Before, I use to have a heimdal-0.6.x + Leash ticket
manager(kfw2.6.5) and it is working fine also.
> NetIdMgr will not request a ticket using addresses.
> I guess this is true as I cannot find a checkbox or option button
anywhere in the NetIDMgr where this can be set.
> An "incorrect net address" error should mean that the addresses
within theticket do not correspond to any of the addresses listed in
> the ticket request.
> Do you have a [libdefaults] entry "noaddresses = false" ?
> If so, does it make a difference if you change it to "true"?
> "noaddresses = false" only works with Leash and not with NetIDMgr.
From Leash, I can obtain tickets when this is set to false but not
with NetIDMgr.
does this statement mean that NetIDMgr will obtain tickets if
"noaddresses = true"
If so, it would appear the problem is that NetIDMgr may not be properly
requesting no address tickets
please open a bug for this at kfw-bugs@mit.edu
> Also, when I use the putty-with-gssapi found at this link:
> http://www.sweb.cz/v_t_m/
> http://www.sweb.cz/v_t_m/putty/PuTTY-0.58-GSSAPI-2005-07-24.zip
>
> using tickets obtained by Leash on a heimdal 0.7.1 kdc
>
> I get an error in the sshd debugging window saying:
>
> "encryption type 18 not supported"
>
> Is this the ticket encryption type or the ssh encryption type?
type 18 is AES256. You can check this by looking at the properties
dialog for the service ticket in NetIdMgr or at the enctype list in
Leash. The Kerberos used to build sshd may not support AES256 and
yet AES256 is in the list of keys associated with the principal in
your Kerberos Database.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com