[opensuse] Kerberos authentication on SuSE 10.2: Incorrect net address?
Hello. I also manage several FreeBSD hosts and use SuSE 10.2 as my desktop OS. On server side a lot of settings are needed however client setting (to set a client to be able to authenticate with kerberos) is extremely simple, just copy the server's /etc/krb5.conf to client computer (same path) and that's enough. Use 'telnet server' on client will automatically encrypt the telnet session (verified with packet sniffer). The same doesn't work on SuSE 10.2. I did set /etc/krb5.conf in suse, but doing a telnet to the server from SuSE desktop establish telnet connection *not-encrypted*. I also tried to manually aquire ticket in order to check what's wrong, and I cannot get the ticket: zhangweiwu@joe:~> kinit Password for zhangweiwu@REALSS.COM:mysecret Exception: krb_error 38 Incorrect net address (38) Incorrect net address KrbException: Incorrect net address (38) at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66) at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:486) at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:444) at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:310) at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:239) at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:106) Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133) at sun.security.krb5.internal.ASRep.init(ASRep.java:58) at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53) at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50) ... 5 more This is strange. The FreeBSD host right after this desktop works fine. After googled a bit I found this person have the same problem: http://www.stacken.kth.se/lists/heimdal-discuss/2003-04/msg00031.html It seems 4 years ago Geoff Beaumont finally couldn't get an answer from lists. (Pretty interesting to see nothing related to Kerberos has been changed on SuSE for the 4 years so his description of the problem is still same as mine.) I guess now SuSE English list is so hot probably someone can help me with this question? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 2007-01-03 at 17:14 +0800, Zhang Weiwu wrote:
Hello. I also manage several FreeBSD hosts and use SuSE 10.2 as my desktop OS. On server side a lot of settings are needed however client setting (to set a client to be able to authenticate with kerberos) is extremely simple, just copy the server's /etc/krb5.conf to client computer (same path) and that's enough. Use 'telnet server' on client will automatically encrypt the telnet session (verified with packet sniffer).
The same doesn't work on SuSE 10.2. I did set /etc/krb5.conf in suse, but doing a telnet to the server from SuSE desktop establish telnet connection *not-encrypted*.
I also tried to manually aquire ticket in order to check what's wrong, and I cannot get the ticket:
Is there a reason you are _not_ using ssh instead of telnet? telnet is antiquated and insecure and _not_ recommended anymore. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
在 2007-01-03三的 08:22 -0500,Kenneth Schneider写道:
Is there a reason you are _not_ using ssh instead of telnet? telnet is antiquated and insecure and _not_ recommended anymore.
No I don't intend to use telnet, I need to use Kerberos over a lot of connections and services, however most tutorials available on the Internet instruct learners to configure Kerberos-enabled telnet to see if Kerberos works or not, because it's simpliest. That's my case (sure I use ssh) ^_^ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
Kenneth Schneider -
Zhang Weiwu