[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

0.4e Client Issues

   I am having some difficulty getting kerberos client software to
authenticate against the KDC.  My KDC is kdc1, and the client is client1 and
I have added principals for host/kdc1, ftp/kdc1, host/client1, ftp/client1
and a local principal for my login name (sean@REALM).  I've tested this with
ftp and telnet, and I can successfully login to the kdc via telnet or ftp
from both the kdc, and client1.  However, I have not been able to
successfully ftp or telnet from the kdc to the client, or from the client to
itself.  I extracted the database from kadmin onto the client, ran the
correct daemons and whatnot, but when I try ftp'ing in, I get this error:

220 FTP server (Version 6.00+heimdal-0.4e) ready.
Trying GSSAPI...
Error: expected ADAT in reply. got: 535 foo?

...and in the kdc log file I get:

2002-06-10T16:14:21 TGS-REQ sean@REALM from IPv4:<client ip> for
krbtgt/REALM@REALM [forwarded, forwardable]
2002-06-10T16:14:21 Bad request for forwardable ticket
2002-06-10T16:14:21 sending 150 bytes to IPv4:<client ip>

At which point it reverts to plaintext.  If I try telnetting (with -D
options in inetd) from the client to the client, the only errror I really
see is "Authorization Failed", and nothing in the kdc log file which isn't
very helpful.

I am not certain what I'm missing here.  I am able to get tickets, use
kadmin remotely, and generally get to the kdc, but I am obviously missing
something on the client side.  The client documentation seems to be sorely
lacking, and I'd appreciate any help (expedient at best :) ) I could get.
If you need more info, feel free to email me.