From: Jeffrey Altman <firstname.lastname@example.org>
Date: Sat, 17 Dec 2005 15:58:23 GMT
Subject: Re: kfw-3.0 can't obtain tickets from heimdal kdc 0.7.1(Bad address
jay alvarez wrote:
> Jeffrey Altman
wrote: Both of the Heimdal KDCs I have access to work fine but I do
> not know what version of Heimdal they are using.
> Before, I use to have a heimdal-0.6.x + Leash ticket manager(kfw2.6.5) and it is working fine also.
> NetIdMgr will not request a ticket using addresses.
> I guess this is true as I cannot find a checkbox or option button anywhere in the NetIDMgr where this can be set.
> An "incorrect net address" error should mean that the addresses wit! hin theticket do not correspond to any of the addresses listed in
> the ticket request.
> Do you have a [libdefaults] entry "noaddresses = false" ?
> If so, does it make a difference if you change it to "true"?
> "noaddresses = false" only works with Leash and not with NetIDMgr. From Leash, I can obtain tickets when this is set to false but not with NetIDMgr.
does this statement mean that NetIDMgr will obtain tickets if
"noaddresses = true"
If so, it would appear the problem is that NetIDMgr may not be properly
requesting no address tickets
please open a bug for this at email@example.com
> Also, when I use the putty-with-gssapi found at this link:
> using tickets obtained by Leash on a heimdal 0.7.1 kdc
> I get an error in the sshd debugging window saying:
> "encryption type 18 not supported"
> Is this the ticket encryption type or the ssh encryption type?
type 18 is AES256. You can check this by looking at the properties
dialog for the service ticket in NetIdMgr or at the enctype list in
Leash. The Kerberos used to build sshd may not support AES256 and
yet AES256 is in the list of keys associated with the principal in
your Kerberos Database.
Kerberos mailing list Kerberos@mit.edu
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around