AW: telnet problem




Jose Alberto wrote:

> Hi
> I'm having a similar problem, I used:
>
> telnet    stream    tcp    nowait    root    
> /usr/local/kerberos/libexec/telnetd telnetd -a valid -D options
>
> (note the Debug -D option) in /etc/inetd.conf
>
> so I got this with the Heimdal telnet/telnetd distribution:
>
> # bin/telnet -l root -x CERBERUS.CTXFARMS.ARANEA.COM
> Encryption is verbose
> Trying 192.0.0.116...
> Connected to CERBERUS.
> Escape character is '^]'.
> td: send do AUTHENTICATION
> td: recv will AUTHENTICATION
> td: send suboption AUTHENTICATION SEND KERBEROS_V5 
> CLIENT|MUTUAL|ENCRYPT KERBEROS_V5 CLIENT|MUTUAL|ENCRYPT KERBEROS_V5 
> CLIENT|ONE-WAY|ENCRYPT
> td: recv do ENCRYPT
> td: send will ENCRYPT
> td: recv will ENCRYPT
> td: send do ENCRYPT
> td: send suboption ENCRYPT SUPPORT DES_CFB64 DES_OFB64
> td: recv do SUPPRESS GO AHEAD
> td: send will SUPPRESS GO AHEAD
> td: recv will TERMINAL TYPE
> td: send do TERMINAL TYPE
> td: recv will NAWS
> td: send do NAWS
> td: recv will TSPEED
> td: send do TSPEED
> td: recv will LFLOW
> td: send do LFLOW
> td: recv will LINEMODE
> td: send dont LINEMODE
> td: recv will NEW-ENVIRON
> td: send do NEW-ENVIRON
> td: recv do STATUS
> td: send will STATUS
> td: recv will XDISPLOC
> td: send do XDISPLOC
> td: recv suboption AUTHENTICATION IS NULL CLIENT|ONE-WAY
> td: recv suboption ENCRYPT REQUEST-START
> td: recv suboption ENCRYPT SUPPORT DES_CFB64 DES_OFB64
> td: recv suboption NAWS 0 87 (87) 0 62 (62)
> td: send do OLD-ENVIRON
> td: recv wont OLD-ENVIRON
> td: recv suboption TERMINAL-SPEED IS 38400,38400
> td: recv suboption X-DISPLAY-LOCATION IS "192.0.0.116:0.0"
> td: recv suboption NEW-ENVIRON IS VAR "USER" VALUE "root" VAR 
> "DISPLAY" VALUE "192.0.0.116:0.0"
> telnetd: Authorization failed.
> Connection closed by foreign host.
> #
>
> And I tried the same with the telnet/telnetd MIT distribution:
>
> # bin/telnet -l root -x CERBERUS.CTXFARMS.ARANEA.COM
> Trying 192.0.0.116...
> Connected to CERBERUS (192.0.0.116).
> Escape character is '^]'.
> Waiting for encryption to be negotiated...
> td: send do AUTHENTICATION
> td: recv will AUTHENTICATION
> td: send suboption AUTHENTICATION SEND KERBEROS_V5 
> CLIENT|MUTUAL|ENCRYPT KERBEROS_V5 CLIENT|MUTUAL|ENCRYPT KERBEROS_V5 
> CLIENT|ONE-WAY|ENCRYPT
> td: recv do ENCRYPT
> td: send will ENCRYPT
> td: recv will ENCRYPT
> td: send do ENCRYPT
> td: send suboption ENCRYPT SUPPORT DES_CFB64 DES_OFB64
> td: recv do SUPPRESS GO AHEAD
> td: send will SUPPRESS GO AHEAD
> td: recv will TERMINAL TYPE
> td: send do TERMINAL TYPE
> td: recv will NAWS
> td: send do NAWS
> td: recv will TSPEED
> td: send do TSPEED
> td: recv will LFLOW
> Authentication negotation has failed, which is required for
> encryption.  Good bye.
> td: send do LFLOW
> td: recv will LINEMODE
> td: send dont LINEMODE
> td: recv will NEW-ENVIRON
> td: send do NEW-ENVIRON
> td: recv do STATUS
> td: send will STATUS
> td: recv will XDISPLOC
> td: send do XDISPLOC
>
> #
>
> I have no idea why the authentication negotiation has failed.
>
> Please HELP!!!!!
>
Well, after a while, I realized that the host service wasn't added to my 
KDC database, so I added with kadmin:

kadmin>ank --random_key  host/cerberus

and I also copied to the keytab file:
kadmin>ext_keytab host/cerberus


After this I tried the ftp/ftpd and telnet/telnetd MIT Kerberos 
distribution and it is working right!!!! (Yes, they are working with the 
Heimdal KDC server)

However, if I use the ftp/ftpd and telnet/telnetd Heimdal distribution 
I'm unable to get authenticated!!!

Any idea what is happening?

>

hi,
on the server not on the kdc
i deleted /etc/krb5.keytab
then i started kadmin
now add --random-key host/server.ffm.sbs.de    # the FQDN
ext host/server.ffm.sbs.de

then it works with both telnet/telnetd and vice versa
i think there was a wrong entry in the /etc/krb5.keytab on the
telnetd-server
but only MIT ftp to Heimdal-ftpd and MIT-ftpd works
heimdal-ftpclient generates errors on both ftpd
*******
../bin/ftp de4a618c
Connected to de4a618c.ffm.sbs.de.
220 de4a618c FTP server (Version 6.00+heimdal-0.4d) ready.
Trying GSSAPI...
Error: expected ADAT in reply. got: 535 foo?

*** Using plaintext user and password ***
****************

what does this mean????

also there are problems with incremental propagation.

starting ipropd-slave kerberos.ffm.sbs.de

i got in the messages-file
2002-01-18T08:56:27 krb5_sendauth: Matching credential not found

in the /var/heimdal/slaves file on the kdc-server i added 

iprop/kerberos.ffm.sbs.de@FFM.SBS.DE


may there be any answers?

best regards

Frank Schwarz
Siemens Business Services GmbH & Co OhG
SBS ITS ORS SIM
Lyoner Straße 27

60528 Frankfurt

Tel.: +49 69 6682 5470
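
As an added example (not part of the original messages, and not Heimdal or MIT code), the script below reads a `telnetd -D options` trace like the one quoted above and reports which authentication types the server offered and what the client answered; an answer of type NULL means the client authenticated with none of the offered types. The helper `auth_summary`, its verdict strings and the sample trace are constructed for illustration.

```python
import re

# Constructed sample in the format of the quoted `telnetd -D options` trace,
# including the "> " quote markers and the mailer's line wrapping.
SAMPLE_TRACE = """\
> td: send do AUTHENTICATION
> td: recv will AUTHENTICATION
> td: send suboption AUTHENTICATION SEND KERBEROS_V5
> CLIENT|MUTUAL|ENCRYPT KERBEROS_V5 CLIENT|MUTUAL|ENCRYPT KERBEROS_V5
> CLIENT|ONE-WAY|ENCRYPT
> td: recv do ENCRYPT
> td: recv suboption AUTHENTICATION IS NULL CLIENT|ONE-WAY
> td: recv suboption ENCRYPT REQUEST-START
> telnetd: Authorization failed.
"""

PAIR = re.compile(r"(\w+)\s+(CLIENT|SERVER)\|(MUTUAL|ONE-WAY)((?:\|ENCRYPT)?)")

def auth_summary(trace):
    """Return what telnetd offered and what the client answered (hypothetical helper)."""
    # Drop quote markers, then undo wrapping by treating the trace as one stream.
    text = " ".join(re.sub(r"^\s*(?:>\s?)*", "", ln).strip()
                    for ln in trace.splitlines())
    offered, chosen = [], None
    # \b keeps "telnetd: ..." from being split as if it were a "td: " record.
    for rec in re.split(r"\btd: ", text):
        m = re.match(r"(?:send|recv) suboption AUTHENTICATION (SEND|IS)\s+(.*)", rec)
        if not m:
            continue
        pairs = ["%s %s|%s%s" % p for p in PAIR.findall(m.group(2))]
        if m.group(1) == "SEND":
            offered = list(dict.fromkeys(pairs))  # de-duplicate, keep order
        elif pairs:
            chosen = pairs[0]
    if chosen is None:
        verdict = "no-reply"          # client never sent AUTHENTICATION IS
    elif chosen.startswith("NULL "):
        verdict = "client-sent-null"  # none of the offered types was used
    else:
        verdict = "attempted"
    return {"offered": offered, "chosen": chosen, "verdict": verdict}

if __name__ == "__main__":
    print(auth_summary(SAMPLE_TRACE))
```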