[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: Re: kfw-3.0 can't obtain tickets from heimdal kdc 0.7.1(Bad address



Jeffrey Altman <jaltman2@nyc.rr.com> wrote:
From: Jeffrey Altman <jaltman2@nyc.rr.com>
Date: Sat, 17 Dec 2005 15:58:23 GMT
To: kerberos@MIT.EDU
Subject: Re: kfw-3.0 can't obtain tickets from heimdal kdc 0.7.1(Bad address

jay alvarez wrote:
>
> Jeffrey Altman wrote: Both of the Heimdal KDCs I have access to work fine but I do
> not know what version of Heimdal they are using.
> Before, I use to have a heimdal-0.6.x + Leash ticket manager(kfw2.6.5) and it is working fine also.
> NetIdMgr will not request a ticket using addresses.
> I guess this is true as I cannot find a checkbox or option button anywhere in the NetIDMgr where this can be set.
> An "incorrect net address" error should mean that the addresses wit! hin theticket do not correspond to any of the addresses listed in
> the ticket request.


> Do you have a [libdefaults] entry "noaddresses = false" ?
> If so, does it make a difference if you change it to "true"?
> "noaddresses = false" only works with Leash and not with NetIDMgr. From Leash, I can obtain tickets when this is set to false but not with NetIDMgr.

does this statement mean that NetIDMgr will obtain tickets if
"noaddresses = true"

If so, it would appear the problem is that NetIDMgr may not be properly
requesting no address tickets

please open a bug for this at kfw-bugs@mit.edu

> Also, when I use the putty-with-gssapi found at this link:
> http://www.sweb.cz/v_t_m/
> http://www.sweb.cz/v_t_m/putty/PuTTY-0.58-GSSAPI-2005-07-24.zip
>
> using tickets obtained by Leash on a heimdal 0.7.1 kdc
>
> I get an error in the sshd debugging window saying:
&! gt;
> "encryption type 18 not supported"
>
> Is this the ticket encryption type or the ssh encryption type?

type 18 is AES256. You can check this by looking at the properties
dialog for the service ticket in NetIdMgr or at the enctype list in
Leash. The Kerberos used to build sshd may not support AES256 and
yet AES256 is in the list of keys associated with the principal in
your Kerberos Database.

Jeffrey Altman
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com