Skip Menu |

Date: Mon, 19 Dec 2005 17:15:58 -0800 (PST)
From: jay alvarez <>
Subject: noaddress ticket error
Download (untitled) / with headers
text/plain 1.9KiB
jay alvarez wrote:
> Jeffrey Altman <> wrote: Both of the Heimdal KDCs
I have access to work fine but I do
> not know what version of Heimdal they are using.
> Before, I use to have a heimdal-0.6.x + Leash ticket
manager(kfw2.6.5) and it is working fine also.
> NetIdMgr will not request a ticket using addresses.
> I guess this is true as I cannot find a checkbox or option button
anywhere in the NetIDMgr where this can be set.
> An "incorrect net address" error should mean that the addresses
within theticket do not correspond to any of the addresses listed in
> the ticket request.

> Do you have a [libdefaults] entry "noaddresses = false" ?
> If so, does it make a difference if you change it to "true"?
> "noaddresses = false" only works with Leash and not with NetIDMgr.
From Leash, I can obtain tickets when this is set to false but not
with NetIDMgr.

does this statement mean that NetIDMgr will obtain tickets if
"noaddresses = true"

If so, it would appear the problem is that NetIDMgr may not be properly
requesting no address tickets

please open a bug for this at

> Also, when I use the putty-with-gssapi found at this link:
> using tickets obtained by Leash on a heimdal 0.7.1 kdc
> I get an error in the sshd debugging window saying:
> "encryption type 18 not supported"
> Is this the ticket encryption type or the ssh encryption type?

type 18 is AES256. You can check this by looking at the properties
dialog for the service ticket in NetIdMgr or at the enctype list in
Leash. The Kerberos used to build sshd may not support AES256 and
yet AES256 is in the list of keys associated with the principal in
your Kerberos Database.

Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around

Thank you for your patience.

Your bug should be resolved in KFW 3.1 Beta 1. Please test.