[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Heimdal telnetd in Solaris: IPV6 problems?


I'm deploying kerberized services (telnet/ftp) on several different Unix 
OS's as part of the new Kerberos Realm. I have compiled Heimdal in Solaris 8 
(64 bits) and all the commands work as expected, but telnetd is not working 
as expected. Solaris has the 'tcp6' option in the protocol section in 
/etc/inetd.conf, and I think that the problems are indeed related to IPV6. 
When compiled with IPv6 support (the default behaviour IIRC) I get the 
follogin error: 

Waiting for encryption to be negotiated...
[ Trying mutual KERBEROS5 (host/ciscokid.net.itlog.pt@NET.ITLOG.PT)... ]
[ Kerberos V5 refuses authentication because krb5_sock_to_principal failed ]
[ Trying KERBEROS5 (host/ciscokid.net.itlog.pt@NET.ITLOG.PT)... ]
[ Kerberos V5 refuses authentication because krb5_sock_to_principal failed ] 


The logs show me that the client is making DNS queries using IPv6 (the 
client is a GNU/Linux box running Debian, and it has IPv6 support). Using 
tcp or tcp6 in inetd.conf doesn't make any difference. 

I also compiled --without-ipv6 but the error persists. If I use 'tcp' in 
inetd.conf the same error occurs (krb5_sock_to_principal failed), and if I 
use tcp6 it gives me "krb5_auth_con_setaddrs_from_fd failed", which is more 
or less normal since I compiled it without IPv6. 

So I'm running out of ideas here... I need to have telnetd running in more 
Solaris servers but this IPv6 thing is a show-stopper... I am pretty sure it 
is IPv6 related, but I could be wrong. BTW the ftpd works as expected. 

Anyone with similar problems? Is there any known fix? I will gladly provide 
any aditional info required (logs, traces, etc).