[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Heimdal 0.2d using W2k KDC

You are right!
Initially I configured tkt_enctypes and tgs_enctypes = des-cbc-crc, it
didn't work. Then I tried configuring tkt_enctypes tgs_enctypes, etypes and
etypes_des = des-cbc-md5. It didn't work. After receiving your reply, I
tried setting all four options to des-cbc-crc and used kgetcred. It works!
Thank you very much!

By the way, now kgetcred works, but I'm still unable to telnet ... This time
the problem is:

"Escape character is '^]'.
[ Trying mutual KERBEROS5 ... ]
[ Kerberos V5 refuses authentication because Read req failed: Decrypt
integrity check failed ]
[ Trying KERBEROS5 ... ]
Segmentation fault (core dumped)"

I tried it on 2 Solaris 2.5.1 hosts, with the same build of Heimdal. The
first was multihomed, so I supposed the problem was not having a FQDN as
hostname, using NIS+, etc... But the second host (not multihomed) returns
the same error. I tried to set the hostname to FQDN and using dns as first
entry in nsswitch.conf with the same result. ServicePrincipalName in active
directory is correctly set to host/FQDN@CEFRIEL.IT (otherwise it says that
the server could not be found on KDC).

Marco Gandolfi

-----Original Message-----
From: Jacques Vidrine [mailto:n@nectar.com]
Sent: Saturday, November 27, 1999 3:29 PM
To: Marco Gandolfi
Subject: Re: Heimdal 0.2d using W2k KDC 

On 27 November 1999 at 14:38, Marco Gandolfi <marco@cefriel.it> wrote:
> Hi,
> I compiled heimdal for Solaris 2.5.1. I'm using Win 2000 RC2 Server as a
> KDC. I obtain tickets with kinit, but I'm unable to use telnet/telnetd for
> kerberos authentication or encryption. Kgetcred complains about a
> type unsupported by KDC".
> Is this a known issue?

Do you have

        default_tkt_enctypes = des-cbc-crc
        default_tgs_enctypes = des-cbc-crc
        default_etypes = des-cbc-crc
        default_etypes_des = des-cbc-crc

in your /etc/krb5.conf?
Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org