[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

=?gb2312?q?=BB=D8=B8=B4=A3=BA=20Re:=20=BB=D8=B8=B4=A3=BA=20Re:=20=BB=D8?==?gb2312?q?=B8=B4=A3=BA=20Re:=20kerberos=20setup,=20basic=20questions?=

To: heimdal-discuss@sics.se, "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
Subject: =?gb2312?q?=BB=D8=B8=B4=A3=BA=20Re:=20=BB=D8=B8=B4=A3=BA=20Re:=20=BB=D8?==?gb2312?q?=B8=B4=A3=BA=20Re:=20kerberos=20setup,=20basic=20questions?=
From: =?gb2312?q?=CD=F5=ABh?= <wangyue0921@yahoo.com.cn>
Date: Thu, 3 Jul 2008 16:04:07 +0800 (CST)
Cc: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>, Harald Barth <haba@kth.se>, lha@kth.se, commercials@gmx.net
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.cn; h=X-YMail-OSG:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=HxMxFwob2lioyQpW7Kv4AUVafah52PFruSYpiWCVxJeaMcai54HY7jxau93g3X8EBb6TVKC/LOmghesPYZbzAqAdziMFv072YgjehyKUK9LH+nFHhubpLvJGsXfXkIuz3DL9qIUiV4HSsQODub0LTqY33BEpX1qYbquhhrnhVrk=;
In-Reply-To: <73DECB65-FDF6-44A4-8C24-7041AA35C3CC@ece.cmu.edu>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Reply-To: heimdal-discuss@sics.se, =?gb2312?q?=CD=F5=ABh?= <wangyue0921@yahoo.com.cn>

Thanks for Brandon, Harald and Joakim's advice.
I tried and got krb5.keytab successfully.

But it is so strange that when i run heimdal's telnet
on kerberosC to connect heimdal's telnetd on
kerberosKDC, it seems that the connection was not
kerberosized, as following:

[root@kerberosC bin]# ./telnet 192.168.0.30
Trying 192.168.0.30...
Connected to 192.168.0.30.
Escape character is '^]'.
Waiting for encryption to be negotiated...

*** Connection not encrypted! Communication may be
eavesdropped. ***
Encryption negotiated.
Password: 

My question is:
1. Are there some parameters of the command "./telnet"
for kerberos connection? As mentioned above, it may be
a non-kerberos connection.
2. When i run kinit on kerberosC, the clinet got
TGT.(The captured packages are AS-REQ and AS-REP). And
When to get TGS? Does "TGS-REQ to TGS-REQ exchange"
happen when I run heimal's telnet on kerberosC?

Thanks

Wang Yue

--- "Brandon S. Allbery KF8NH"
<allbery@ece.cmu.edu>写道:

> 
> On 2008 Jul 2, at 7:39, 王玥 wrote:
> 
> > 5. create a principal and makes krb5.keytab on
> > kerberosKDC
> > kadmin> add -r host/kerberosKDC.WEDGIE.ORG
> > kadmin: connect(192.168.0.30): Connection refused
> 
> Did you start kadmind on kerberosKDC?
> 
> > snuffy:501 Z$ bos status e-xing -long
> (...)
> > Instance kdc, (type is simple) currently running
> normally.
> >     Process last started at Wed Jul  2 01:17:33
> 2008 (4 proc starts)
> >     Last exit at Wed Jul  2 01:17:33 2008
> >     Command 1 is '/usr/local/libexec/kdc'
> >
> > Instance kadmind, (type is simple) currently
> running normally.
> >     Process last started at Sun Jun 29 03:30:19
> 2008 (1 proc starts)
> >     Command 1 is '/usr/local/libexec/kadmind'
> >
> > Instance iprop-m, (type is simple) has core file,
> currently running  
> > normally.
> >     Process last started at Sun Jun 29 03:30:19
> 2008 (1 proc starts)
> >     Command 1 is
> '/usr/local/libexec/ipropd-master'
> >
> > Instance kpasswd, (type is simple) currently
> running normally.
> >     Process last started at Sun Jun 29 03:30:19
> 2008 (1 proc starts)
> >     Command 1 is '/usr/local/libexec/kpasswdd'
> >
> > Instance kdcbackup, (type is cron) currently
> running normally.
> >     Auxiliary status is: run next at Wed Jul  2
> 18:06:00 2008.
> >     Process last started at Tue Jul  1 18:06:44
> 2008 (3 proc starts)
> >     Last exit at Tue Jul  1 18:06:52 2008
> >     Command 1 is '/var/heimdal/kdcbackup.sh'
> >     Command 2 is '18:06'
> >
> > Instance kpasswd464, (type is simple) currently
> running normally.
> >     Process last started at Sun Jun 29 03:30:19
> 2008 (1 proc starts)
> >     Command 1 is '/usr/local/libexec/kpasswdd
> --port=464'
> 
> 
> 
> -- 
> brandon s. allbery
> [solaris,freebsd,perl,pugs,haskell]
> allbery@kf8nh.com
> system administrator [openafs,heimdal,too many hats]
> allbery@ece.cmu.edu
> electrical and computer engineering, carnegie mellon
> university    KF8NH
> 
> 
> 



      ___________________________________________________________ 
 雅虎邮箱，您的终生邮箱！ 
http://cn.mail.yahoo.com/

Follow-Ups:
- Re: =?gb2312?B?u9i4tKO6?= Re: =?gb2312?B?u9i4tKO6?= Re:=?gb2312?B?u9i4tKO6?= Re: kerberos setup, basic questions
  - From: Harald Barth <haba@kth.se>

References:
- =?GB2312?Q?Re:_=BB=D8=B8=B4=A3=BA_Re:_=BB=D8=B8=B4=A3=BA_Re:_ker?==?GB2312?Q?beros_setup,_basic_questions?=
  - From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>

Prev by Date: Re: kerberized clients in another path
Next by Date: Re: kerberized clients in another path
Prev by thread: =?GB2312?Q?Re:_=BB=D8=B8=B4=A3=BA_Re:_=BB=D8=B8=B4=A3=BA_Re:_ker?==?GB2312?Q?beros_setup,_basic_questions?=
Next by thread: Re: =?gb2312?B?u9i4tKO6?= Re: =?gb2312?B?u9i4tKO6?= Re:=?gb2312?B?u9i4tKO6?= Re: kerberos setup, basic questions
Index(es):
- Date
- Thread