From hugh@opo.usp.ac.fj Sun Jun 6 19:54:56 1999
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id TAA10097 for <bugs@RT-11.MIT.EDU>; Sun, 6 Jun 1999 19:54:55 -0400
Received: from maya.usp.ac.fj by MIT.EDU with SMTP
id AA08422; Sun, 6 Jun 99 19:54:17 EDT
Received: from opo.usp.ac.fj (opo.usp.ac.fj [144.120.8.248])
by usp.ac.fj (PMDF V5.2-31 #28367) with SMTP id <01JC49CT78HM003YI9@usp.ac.fj>
for krb5-bugs@mit.edu; Mon, 7 Jun 1999 11:58:19 +1200
Received: (qmail 2573604 invoked by uid 100); Sun, 06 Jun 1999 23:54:03 +0000
Message-Id: <19990606235403.2585744.qmail@opo.usp.ac.fj>
Date: Sun, 06 Jun 1999 23:54:03 +0000
From: hugh@opo.usp.ac.fj
Reply-To: anderson@manu.usp.ac.fj
To: krb5-bugs@MIT.EDU
Subject: [usr err?] telnetd auth failed
X-Send-Pr-Version: 3.99

>Number: 720
>Category: krb5-admin
>Synopsis: [usr err?] telnetd auth failed
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bjaspan
>State: closed
>Class: support
>Submitter-Id: unknown
>Arrival-Date: Sun Jun 06 19:55:01 EDT 1999
>Last-Modified: Wed Jan 24 17:21:36 EST 2001
>Originator: Hugh Anderson
>Organization:
University of the South Pacific
Suva, Fiji Islands
>Release: krb5-1.0.5
>Environment:
O2, IRIX 6.5, IRIX 6.5
System: IRIX opo 6.5 05190004 IP32


>Description:
I am new to kerberos, so I may just have a configuration problem...
The compile and install proceeded without varying from the documentation,
- My intent is to demonstrate kerberos for a post-graduate class this
semester.
I am unable to access the services - when I try to connect to
telnet (for example) I get messages like this:

opo 117% /usr/local/bin/telnet -r -a -x -f opo 5555
Trying 255.255.255.255...
Connected to opo.usp.ac.fj (255.255.255.255).
Escape character is '^]'.
Waiting for encryption to be negotiated...[ Kerberos V5 accepts you as ``hugh@MACS.USP.AC.FJ'' ]
[ Kerberos V5 accepted forwarded credentials ]
done.
telnetd: Authorization failed.
Connection closed by foreign host.
opo 118%

We only have a few UNIX machines at USP, so I am using opo both as the
master KDC and as client and server machines. There are no slave KDCs.

>How-To-Repeat:
The KDC is installed on machine opo.usp.ac.fj, with the following config
files:
==================/etc/krb5.conf
[libdefaults]
default_realm = MACS.USP.AC.FJ
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
[realms]
MACS.USP.AC.FJ = {
kdc = opo.usp.ac.fj:88
kdc = opo.usp.ac.fj
admin_server = opo.usp.ac.fj
default_domain = USP.AC.FJ
}
[domain_realm]
.usp.ac.fj = MACS.USP.AC.FJ
usp.ac.fj = MACS.USP.AC.FJ
[logging]
kdc = FILE:/var/adm/krb5kdc.log
admin_server = FILE:/var/adm/kadmin.log
default = FILE:/var/adm/krb5lib.log
==================/usr/local/var/krb5kdc/kdc.conf
[kdcdefaults]
kdc_ports = 750,88
[realms]
MACS.USP.AC.FJ = {
database_name = /usr/local/var/krb5kdc/principal
admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
acl_file = /usr/local/var/krb5kdc/kadm5.acl
key_stash_file = /usr/local/var/krb5kdc/.k5.MACS.USP.AC.FJ
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des-cbc-crc
supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
}
=================
I have installed telnetd at a high numbered port for testing:
ktelnet stream tcp nowait root /usr/local/sbin/telnetd telnetd -a valid
=================
And I have an entry for telnet access from opo.usp.ac.fj
opo 50# /usr/local/sbin/kadmin.local
kadmin.local: listprincs
K/M@MACS.USP.AC.FJ
kadmin/admin@MACS.USP.AC.FJ
hugh@MACS.USP.AC.FJ
kadmin/changepw@MACS.USP.AC.FJ
admin/admin@MACS.USP.AC.FJ
host/opo.usp.ac.fj@MACS.USP.AC.FJ
host/manu.usp.ac.fj@MACS.USP.AC.FJ
kadmin/history@MACS.USP.AC.FJ
krbtgt/MACS.USP.AC.FJ@MACS.USP.AC.FJ
kadmin.local:
==================
When I attempt to telnet I get the following
opo 117% /usr/local/bin/telnet -r -a -x -f opo 5555
Trying 255.255.255.255...
Connected to opo.usp.ac.fj (255.255.255.255).
Escape character is '^]'.
Waiting for encryption to be negotiated...[ Kerberos V5 accepts you as ``hugh@MACS.USP.AC.FJ'' ]
[ Kerberos V5 accepted forwarded credentials ]
done.
telnetd: Authorization failed.
Connection closed by foreign host.
opo 118% klist
Ticket cache: /tmp/krb5cc_100
Default principal: hugh@MACS.USP.AC.FJ
Valid starting Expires Service principal
07 Jun 99 10:15:42 07 Jun 99 20:15:40 krbtgt/MACS.USP.AC.FJ@MACS.USP.AC.FJ
07 Jun 99 10:15:48 07 Jun 99 20:15:40 host/opo.usp.ac.fj@MACS.USP.AC.FJ
opo 119%
===============

I am a little uneasy about the 255.255.255.255 address that telnet
mentions.... opo's IP address is 144.120.8.248

I have tried to join the kerberos mailing list without success.

Cheers Hugh

>Fix:

>Audit-Trail:

State-Changed-From-To: open-feedback
State-Changed-By: tlyu
State-Changed-When: Wed Jan 24 17:20:52 2001
State-Changed-Why:

State-Changed-From-To: feedback-closed
State-Changed-By: tlyu
State-Changed-When: Wed Jan 24 17:21:08 2001
State-Changed-Why:

user error?

>Unformatted: