
Re: strange behaviour with login



I'm using /usr/heimdal/bin/login instead of /bin/login
I have added lo=/usr/heimdal/bin/login
to /etc/gettytab



On Wed, 14 Mar 2001, you wrote:
> On Wed, Mar 14, 2001 at 02:46:03PM +0100, Alex Schenkman wrote:
> > This is on the kdc.
> > Do I need to do anything else ?
> 
> /bin/login needs to know where the keytab is.
> 
> BTW, I know very little about Heimdal...
> 
> Nico
> 
> 
> > roberto.intern = kdc (OpenBSD)
> > carola.intern = FreeBSD
> > marley.intern = RedHat
> > 
> > 
> > [test@roberto /etc]$ sudo /usr/heimdal/sbin/ktutil list
> > Vno  Type           Principal
> >   1  des-cbc-crc    host/roberto.intern
> >   1  des-cbc-md4    host/roberto.intern
> >   1  des-cbc-md5    host/roberto.intern
> >   1  des3-cbc-sha1  host/roberto.intern
> >   1  des-cbc-crc    host/carlota.intern
> >   1  des-cbc-md4    host/carlota.intern
> >   1  des-cbc-md5    host/carlota.intern
> >   1  des3-cbc-sha1  host/carlota.intern
> >   1  des-cbc-crc    host/marley.intern
> >   1  des-cbc-md4    host/marley.intern
> >   1  des-cbc-md5    host/marley.intern
> >   1  des3-cbc-sha1  host/marley.intern               
> > 
> > 
> > 
> > On Wed, 14 Mar 2001, you wrote:
> > > On Wed, Mar 14, 2001 at 01:47:30PM +0100, Alex Schenkman wrote:
> > > > First, thanks for your help during the last days !!
> > > > 
> > > > Now:
> > > > 
> > > > I have a heimdal kdc running on OpenBSD.
> > > > I changed the invocation of login to use heimdal's login (in /etc/gettytab) and
> > > > from the console I can login with a kdc username/passwd.
> > > > 
> > > > From another box (FreeBSD) using also heimdal, I tried to login ("me") using
> > > > again the kdc. The logs from the kdc show
> > > > 
> > > > 2001-03-14T13:54:48 AS-REQ me@FREE.TEST from IPv4:10.1.1.6 for krbtgt/FREE.TEST@FREE.TEST
> > > > 2001-03-14T13:54:48 No PA-ENC-TIMESTAMP -- me@FREE.TEST
> > > > 2001-03-14T13:54:48 AS-REQ me@FREE.TEST from IPv4:10.1.1.6 for krbtgt/FREE.TEST@FREE.TEST
> > > > 2001-03-14T13:54:48 TGS-REQ me@FREE.TEST from IPv4:10.1.1.6 for host/carlota.intern@FREE.TEST
> > > >                
> > > > This looks ok, but I still can't log in.
> > > 
> > > Did you create a keytab file with key entries for
> > > host/carlota.intern@FREE.TEST?
> > > 
> > > > 
> > > > 
> > > > From another box (RedHat) using the standard RPM (MIT krb5)
> > > > I get on the kdc:
> > > > 2001-03-14T13:57:25 AS-REQ me@FREE.TEST from IPv4:10.1.1.81 for krbtgt/FREE.TEST@FREE.TEST
> > > > 2001-03-14T13:57:25 No PA-ENC-TIMESTAMP -- me@FREE.TEST
> > > > 2001-03-14T13:57:25 AS-REQ me@FREE.TEST from IPv4:10.1.1.81 for krbtgt/FREE.TEST@FREE.TEST
> > > >        
> > > > I can log in, but the $HOME and username remains unchanged.
> > > > klist doesn't show me anything.
> > > 
> > > There probably is no keytab. Some login programs skip TGT verification
> > > if there are no suitable keytab entries with which to validate TGTs.
> > > This, IMNSHO, is bad; such behaviour should at least be optional.
> > > 
> > > > 
> > > > What am I missing here ?
> > > 
> > > A keytab, probably.
> > > 
> > > Nico
> > > --
> --
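
Added example, not part of the original thread: the two KDC log excerpts quoted above differ in that the FreeBSD login is followed by a TGS-REQ for a host/ principal (the login program fetched a host ticket to validate the TGT), while the RedHat login shows only AS-REQs. The sketch below flags that second pattern in KDC logs of the format shown; the function name and the 30-second window are assumptions, and a plain kinit is flagged as well, since it also never requests a host ticket.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the KDC output quoted in the thread.
SAMPLE_LOG = """\
2001-03-14T13:54:48 AS-REQ me@FREE.TEST from IPv4:10.1.1.6 for krbtgt/FREE.TEST@FREE.TEST
2001-03-14T13:54:48 No PA-ENC-TIMESTAMP -- me@FREE.TEST
2001-03-14T13:54:48 AS-REQ me@FREE.TEST from IPv4:10.1.1.6 for krbtgt/FREE.TEST@FREE.TEST
2001-03-14T13:54:48 TGS-REQ me@FREE.TEST from IPv4:10.1.1.6 for host/carlota.intern@FREE.TEST
2001-03-14T13:57:25 AS-REQ me@FREE.TEST from IPv4:10.1.1.81 for krbtgt/FREE.TEST@FREE.TEST
2001-03-14T13:57:25 No PA-ENC-TIMESTAMP -- me@FREE.TEST
2001-03-14T13:57:25 AS-REQ me@FREE.TEST from IPv4:10.1.1.81 for krbtgt/FREE.TEST@FREE.TEST
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>AS-REQ|TGS-REQ) (?P<client>\S+) "
    r"from (?P<addr>\S+) for (?P<server>\S+)$"
)


def unverified_logins(log_text, window=timedelta(seconds=30)):
    """Return sorted (client, addr) pairs with at least one AS-REQ that was
    not followed, within `window`, by a TGS-REQ for a host/ principal from
    the same client and address (hypothetical helper, heuristic only)."""
    pending = {}  # (client, addr) -> AS-REQ times still awaiting a host/ TGS-REQ
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skips "No PA-ENC-TIMESTAMP" and other message lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        key = (m["client"], m["addr"])
        if m["kind"] == "AS-REQ":
            pending.setdefault(key, []).append(ts)
        elif m["server"].startswith("host/"):
            # A host ticket request clears the AS-REQs that precede it closely.
            pending[key] = [t for t in pending.get(key, [])
                            if not timedelta(0) <= ts - t <= window]
    return sorted(k for k, times in pending.items() if times)


if __name__ == "__main__":
    for client, addr in unverified_logins(SAMPLE_LOG):
        print(f"no host/ TGS-REQ after AS-REQ: {client} from {addr}")
```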