[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Testing
ett tva
From owner-ktelnet-talkers@stacken.kth.se Thu Sep 2 20:38:48 1999
Received: (from majordom@localhost)
by sundance.stacken.kth.se (8.8.8/8.8.8) id UAA09281
for ktelnet-talkers-list; Thu, 2 Sep 1999 20:38:48 +0200 (MET DST)
Received: (from majordom@localhost)
by sundance.stacken.kth.se (8.8.8/8.8.8) id UAA09274
for ktelnet-announce-list; Thu, 2 Sep 1999 20:38:43 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by sundance.stacken.kth.se (8.8.8/8.8.8) with ESMTP id UAA09269
for <ktelnet-announce@stacken.kth.se>; Thu, 2 Sep 1999 20:38:40 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id UAA15369
for ktelnet-announce@stacken.kth.se; Thu, 2 Sep 1999 20:38:39 +0200 (MET DST)
Date: Thu, 2 Sep 99 20:38:37 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: ktelnet-announce@stacken.kth.se
Subject: Testing.
Message-ID: <CMM.0.90.4.936297517.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Foo!
From owner-ktelnet-talkers@stacken.kth.se Mon Sep 27 18:35:12 1999
Received: (from majordom@localhost)
by sundance.stacken.kth.se (8.8.8/8.8.8) id SAA09718
for ktelnet-talkers-list; Mon, 27 Sep 1999 18:35:12 +0200 (MET DST)
Received: from mail1.panix.com (mail1.panix.com [166.84.0.212])
by sundance.stacken.kth.se (8.8.8/8.8.8) with ESMTP id SAA09714
for <ktelnet-talkers@stacken.kth.se>; Mon, 27 Sep 1999 18:35:08 +0200 (MET DST)
Received: from panix3.panix.com (panix3.panix.com [166.84.0.228])
by mail1.panix.com (Postfix) with ESMTP
id 17E5130ECB; Mon, 27 Sep 1999 12:35:07 -0400 (EDT)
Date: Mon, 27 Sep 1999 12:35:06 -0400 (EDT)
From: "Charles R. Hurley" <crh@panix.com>
To: ktelnet-talkers@stacken.kth.se
Cc: crh@panix.com
Subject: Ktelnet V1.02.950 and Kerberos V
In-Reply-To: <19990927162549.AF6A531016@mail1.panix.com>
Message-ID: <Pine.GSU.4.05.9909271227510.29549-100000@panix3.panix.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Hi All,
Does Ktelnet support Kerberos V? My ISP runs both Kerberos IV and V, but
Ktelnet only connects using Kerberos IV. How do I configure Ktelnet to
use Kerberos V?
PS: The Ktelnet homepage has the ktelnet-talkers domain as stacken.krh.se,
which is wrong. It's suppose to be stacken.kth.se.
Thank you,
Charles R. Hurley
http://www.panix.com/~crh
From owner-ktelnet-talkers@stacken.kth.se Wed Sep 29 20:18:19 1999
Received: (from majordom@localhost)
by sundance.stacken.kth.se (8.8.8/8.8.8) id UAA21271
for ktelnet-talkers-list; Wed, 29 Sep 1999 20:18:19 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by sundance.stacken.kth.se (8.8.8/8.8.8) with ESMTP id UAA21264;
Wed, 29 Sep 1999 20:18:12 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id UAA15580;
Wed, 29 Sep 1999 20:18:11 +0200 (MET DST)
Date: Wed, 29 Sep 99 20:18:11 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: "Charles R. Hurley" <crh@panix.com>
Cc: ktelnet-talkers@stacken.kth.se, crh@panix.com
Subject: Re: Ktelnet V1.02.950 and Kerberos V
In-Reply-To: Your message of Mon, 27 Sep 1999 12:35:06 -0400 (EDT)
Message-ID: <CMM.0.90.4.938629091.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
"Charles R. Hurley" <crh@panix.com>:
>
> Hi All,
>
> Does Ktelnet support Kerberos V? My ISP runs both Kerberos IV and V, but
> Ktelnet only connects using Kerberos IV. How do I configure Ktelnet to
> use Kerberos V?
>
No, KTelnet doesn't not support K5, at least not yet....
When HEIMDAL (KTH's implementation of K5) gets a little bit more finished
I have the goal to add it to KTelnet.
> PS: The Ktelnet homepage has the ktelnet-talkers domain as stacken.krh.se,
> which is wrong. It's suppose to be stacken.kth.se.
>
Oh dear... OK, I have just fixed it!
/thn
From owner-ktelnet-talkers@stacken.kth.se Thu Dec 2 23:12:49 1999
Received: (from majordom@localhost)
by sundance.stacken.kth.se (8.8.8/8.8.8) id XAA14738
for ktelnet-talkers-list; Thu, 2 Dec 1999 23:12:49 +0100 (MET)
Received: (from majordom@localhost)
by sundance.stacken.kth.se (8.8.8/8.8.8) id XAA14729
for ktelnet-announce-list; Thu, 2 Dec 1999 23:12:43 +0100 (MET)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by sundance.stacken.kth.se (8.8.8/8.8.8) with ESMTP id XAA14721
for <ktelnet-announce@stacken.kth.se>; Thu, 2 Dec 1999 23:12:38 +0100 (MET)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id XAA02649
for ktelnet-announce@stacken.kth.se; Thu, 2 Dec 1999 23:12:38 +0100 (MET)
Date: Thu, 2 Dec 99 23:12:37 MET
From: Thomas Nystrom <thn@stacken.kth.se>
To: ktelnet-announce@stacken.kth.se
Subject: Beta version of KTELNET V2.00 now available.
Message-ID: <CMM.0.90.4.944172757.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
This new version of KTELNET have two main features:
- New graphical FTP interface.
- Support for some types of firewalls.
This makes it possible to go out through a firewall with
normal kerberos security. The firewall must have a HTTP proxy
and support 'CONNECT'.
You find KTELNET at the usual URL:
http://www.stacken.kth.se/~thn/ktelnet
and the new beta version on
http://www.stacken.kth.se/~thn/ktelnet/beta
/Thomas
From owner-ktelnet-talkers@stacken.kth.se Wed Jan 26 10:10:29 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id KAA29996
for ktelnet-talkers-list; Wed, 26 Jan 2000 10:10:28 +0100 (MET)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id KAA29992;
Wed, 26 Jan 2000 10:10:23 +0100 (MET)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id KAA00394;
Wed, 26 Jan 2000 10:10:22 +0100 (MET)
Date: Wed, 26 Jan 2000 10:10:21 MET
From: Thomas Nystrom <thn@stacken.kth.se>
To: Lucas Fisher <ljfisher@iastate.edu>
Subject: Re: windows ktelnet
In-Reply-To: Your message of Mon, 24 Jan 2000 21:54:54 -0600
Cc: krb4@sics.se, ktelnet-talkers@stacken.kth.se
Message-ID: <CMM.0.90.4.948877821.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Lucas Fisher <ljfisher@iastate.edu>:
>
> I like your windows ktelnet. It's small and simple, unlike HostExplorer
> which is what my University gives students.
>
> Anyway, there is a problem with how ktelnet resolves hosts. It's a minor
> problem, but worth looking into. Our computation center had to modify
> the unix telnet client to fix this problem also. Our main telnet server
> has the name 'isua', but DNS will return any of 5 different ips which
> resolve to the names 'isua1', 'isua2', etc. When trying to connect to
> 'isua' ktelnet will get a ticket for isua:
> rcmd.isua@IASTATE.EDU
> Trying to use the ticket will result in the error:
> Can't decode authenticator (krb_rd_req)
>
> If I instead connect to isua2 I will get a ticket:
> rcmd.isua2@IASTATE.EDU
> and everything will work fine.
>
Well... It is not easy to fix. What KTelnet (KTH-KRB's Telnet client
does) that is looks up the name isua and get a IP-address. Then it
makes reverse dns lookup and tries to find the real name for the host.
In this case it might get isua2. It then builds the ticket:
'rcmd.isua2@IASTATE.EDU'. Ok, this should work! But it dont't, why?
I just checked and that seems that the Microsoft's implementation
if the DNS client makes something wrong!
The MS version uses the information in the record received for isua
even when I make the reverse lookup to find out the ticket name!
It should have asked the DNS server about the name for the IP address
but it doesn't! Sigh. Microsoft sucks. I have thinked about writing
my own DNS client code and now I have one more reason.....
> From what I hear this is a simple fix, but I don't know the details of
> the needed code. I could probably get more info if you would like it.
>
> I was using ktelnet version 2.00.950
>
I will look into the problem and see if I can make some workaround....
/thn
From owner-ktelnet-talkers@stacken.kth.se Tue Apr 18 22:20:35 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id WAA05450
for ktelnet-talkers-list; Tue, 18 Apr 2000 22:20:32 +0200 (MET DST)
Received: from MailAndNews.com (MailAndNews.com [199.29.68.160])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id WAA05445
for <ktelnet-talkers@stacken.kth.se>; Tue, 18 Apr 2000 22:20:27 +0200 (MET DST)
Received: from hermes [209.183.207.160] (samstern@mailandnews.com); Tue, 18 Apr 2000 16:20:23 -0400
X-WM-Posted-At: MailAndNews.com; Tue, 18 Apr 00 16:20:23 -0400
From: "Sam Stern" <samstern@mailandnews.com>
To: "Ktelnet-Talkers" <ktelnet-talkers@stacken.kth.se>
Subject: Ktelnet V1.03.950 and OpenBSD 2.6
Date: Tue, 18 Apr 2000 16:20:23 -0400
Message-ID: <LPBBJHNMCNGPMPKEOBJHAEGADFAA.samstern@mailandnews.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
All,
I just installed ktelnet to connect to my OpenBSD 2.6 box and am
having a tad bit of a problem. I go to Ticket Manager to get a ticket.
This works fine.
Then I go to Ktelnet and enter my server then I receive:
[ Connection closed ]
td: send do AUTHENTICATION
[ Trying mutual KERBEROS4 ... ]
td: recv will AUTHENTICATION
td: send suboption AUTHENTICATION SEND KERBEROS_V4 CLIENT|
MUTUAL KERBEROS_V4 CLIENT|ONE-WAY
td: recv suboption AUTHENTICATION NAME "
td: recv suboption AUTHENTICATION IS KERBEROS_V4 CLIENT|MU
TUAL AUTH <snip! that's my ticket!>
td: send will ENCRYPT
[ Kerberos V4 didn't accept you ]
[ Reason: Can't decode authenticator (krb_rd_req) ]
[ Connection closed ]
td: send do ENCRYPT
td: send do TERMINAL TYPE
td: send do TSPEED
td: send do XDISPLOC
td: send do NEW-ENVIRON
td: send do OLD-ENVIRON
NB: I'm running "telnet -D options" to receive the extra diagnostic
stuff
here's my kerberos.log extracts:
18-Apr-2000 14:20:06: AS REQ usr.@relm for krbtgt.relm from ip
(udp/750)
18-Apr-2000 14:20:06: APPL REQ usr.@relm for rcmd.isis from ip
(udp/750)
18-Apr-2000 14:23:07: AS REQ usr.@relm for krbtgt.relm from ip
(udp/750)
18-Apr-2000 14:23:15: APPL REQ usr.@relm for rcmd.isis from ip
(udp/750)
Any help you can provide would be appreciated!
Sam Stern, Bethesda, MD, USA PGP ID:0x949342F9
mailto:samstern@mailandnews.com
From owner-ktelnet-talkers@stacken.kth.se Tue Apr 18 22:29:14 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id WAA05597
for ktelnet-talkers-list; Tue, 18 Apr 2000 22:29:10 +0200 (MET DST)
Received: from watsun.cc.columbia.edu (IDENT:cu51491@watsun.cc.columbia.edu [128.59.39.2])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id WAA05593
for <ktelnet-talkers@stacken.kth.se>; Tue, 18 Apr 2000 22:29:06 +0200 (MET DST)
Received: (from jaltman@localhost)
by watsun.cc.columbia.edu (8.8.5/8.8.5) id QAA19496;
Tue, 18 Apr 2000 16:28:58 -0400 (EDT)
Date: Tue, 18 Apr 2000 16:28:57 EDT
From: Jeffrey Altman <jaltman@columbia.edu>
Reply-To: jaltman@columbia.edu
To: "Sam Stern" <samstern@mailandnews.com>
Cc: "Ktelnet-Talkers" <ktelnet-talkers@stacken.kth.se>
Subject: Re: Ktelnet V1.03.950 and OpenBSD 2.6
In-Reply-To: Your message of Tue, 18 Apr 2000 16:20:23 -0400
Message-ID: <CMM.0.90.4.956089737.jaltman@watsun.cc.columbia.edu>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
> All,
>
> I just installed ktelnet to connect to my OpenBSD 2.6 box and am
> having a tad bit of a problem. I go to Ticket Manager to get a ticket.
> This works fine.
> Then I go to Ktelnet and enter my server then I receive:
>
>
>
> [ Connection closed ]
> td: send do AUTHENTICATION
> [ Trying mutual KERBEROS4 ... ]
> td: recv will AUTHENTICATION
> td: send suboption AUTHENTICATION SEND KERBEROS_V4 CLIENT|
> MUTUAL KERBEROS_V4 CLIENT|ONE-WAY
> td: recv suboption AUTHENTICATION NAME "
> td: recv suboption AUTHENTICATION IS KERBEROS_V4 CLIENT|MU
> TUAL AUTH <snip! that's my ticket!>
> td: send will ENCRYPT
> [ Kerberos V4 didn't accept you ]
> [ Reason: Can't decode authenticator (krb_rd_req) ]
>
> [ Connection closed ]
> td: send do ENCRYPT
> td: send do TERMINAL TYPE
> td: send do TSPEED
> td: send do XDISPLOC
> td: send do NEW-ENVIRON
> td: send do OLD-ENVIRON
>
>
>
> NB: I'm running "telnet -D options" to receive the extra diagnostic
> stuff
Who is producing this output? The above negotiations appear to be
from the perspective of the Telnetd not the Telnet client.
"Can't decode the authenticator" means that the Telnet Server could
not decode the ticket provided by the client. This means that the
server does not have access to a keytab containing the appropriate
key; the key has changed since the last keytab update; or the client
is sending a ticket for the wrong host.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * kermit-support@kermit-project.org
From owner-ktelnet-talkers@stacken.kth.se Tue Apr 18 23:01:41 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id XAA06294
for ktelnet-talkers-list; Tue, 18 Apr 2000 23:01:25 +0200 (MET DST)
Received: from MailAndNews.com (MailAndNews.com [199.29.68.160])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id XAA06290
for <ktelnet-talkers@stacken.kth.se>; Tue, 18 Apr 2000 23:01:19 +0200 (MET DST)
Received: from hermes [209.183.207.160] (samstern@mailandnews.com); Tue, 18 Apr 2000 17:00:59 -0400
X-WM-Posted-At: MailAndNews.com; Tue, 18 Apr 00 17:00:59 -0400
From: "Sam Stern" <samstern@mailandnews.com>
To: <jaltman@columbia.edu>
Cc: "Ktelnet-Talkers" <ktelnet-talkers@stacken.kth.se>
Subject: RE: Ktelnet V1.03.950 and OpenBSD 2.6
Date: Tue, 18 Apr 2000 17:00:58 -0400
Message-ID: <LPBBJHNMCNGPMPKEOBJHIEGCDFAA.samstern@mailandnews.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <CMM.0.90.4.956089737.jaltman@watsun.cc.columbia.edu>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Mr. Altman,
> Who is producing this output? The above negotiations appear to be
> from the perspective of the Telnetd not the Telnet client.
This is the output as captured from the ktelnet client's screen after
having used "login" from the ticket manager. The server is running
from inetd as "...telnetd -D options" on the OBSD box so that it shows
extra debugging information.
>
> "Can't decode the authenticator" means that the Telnet Server could
> not decode the ticket provided by the client. This means that the
> server does not have access to a keytab containing the appropriate
> key; the key has changed since the last keytab update; or the client
> is sending a ticket for the wrong host.
Hmm. I'll check my configuration perhaps I set Kerberos up
incorrectly. Perhaps it's an OS side issue and not a client issue.
Thanks for the clue.
Sam Stern, Bethesda, MD, USA PGP ID:0x949342F9
mailto:samstern@mailandnews.com
From owner-ktelnet-talkers@stacken.kth.se Wed Apr 19 09:57:09 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id JAA18255
for ktelnet-talkers-list; Wed, 19 Apr 2000 09:57:04 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id JAA18251;
Wed, 19 Apr 2000 09:56:57 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id JAA27793;
Wed, 19 Apr 2000 09:56:56 +0200 (MET DST)
Date: Wed, 19 Apr 2000 9:56:55 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: "Sam Stern" <samstern@mailandnews.com>
Cc: <jaltman@columbia.edu>, "Ktelnet-Talkers" <ktelnet-talkers@stacken.kth.se>
Subject: RE: Ktelnet V1.03.950 and OpenBSD 2.6
In-Reply-To: Your message of Tue, 18 Apr 2000 17:00:58 -0400
Message-ID: <CMM.0.90.4.956131015.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
"Sam Stern" <samstern@mailandnews.com>:
> >
> > "Can't decode the authenticator" means that the Telnet Server could
> > not decode the ticket provided by the client. This means that the
> > server does not have access to a keytab containing the appropriate
> > key; the key has changed since the last keytab update; or the client
> > is sending a ticket for the wrong host.
>
> Hmm. I'll check my configuration perhaps I set Kerberos up
> incorrectly. Perhaps it's an OS side issue and not a client issue.
>
> Thanks for the clue.
>
Check also the daytime on the server and on the client, usally you get
a "Time is out of bounds" error if this is the cause but it might also
show up as a "Can't decode authenticator"!
/thn
From owner-ktelnet-talkers@stacken.kth.se Thu Apr 20 00:27:38 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id AAA06984
for ktelnet-talkers-list; Thu, 20 Apr 2000 00:27:32 +0200 (MET DST)
Received: from MailAndNews.com (MailAndNews.com [199.29.68.160])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id AAA06979;
Thu, 20 Apr 2000 00:27:26 +0200 (MET DST)
Received: from hermes [209.183.207.160] (samstern@mailandnews.com); Wed, 19 Apr 2000 18:27:21 -0400
X-WM-Posted-At: MailAndNews.com; Wed, 19 Apr 00 18:27:21 -0400
From: "Sam Stern" <samstern@mailandnews.com>
To: "Thomas Nystrom" <thn@stacken.kth.se>
Cc: <jaltman@columbia.edu>, "Ktelnet-Talkers" <ktelnet-talkers@stacken.kth.se>
Subject: RE: Ktelnet V1.03.950 and OpenBSD 2.6
Date: Wed, 19 Apr 2000 18:27:16 -0400
Message-ID: <LPBBJHNMCNGPMPKEOBJHCEJJDFAA.samstern@mailandnews.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <CMM.0.90.4.956131015.thn@pizza.stacken.kth.se>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Importance: Normal
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Thomas,
Thanks for your reply regarding this issue. I have both systems
running NTP off of the same server (ntp.css.gov). I checked the time
difference between the systems and found less than second's
difference.
However, the problem seems to be an implementation issue and not a
Ktelnet issue. After receiving Mr. Altman's detailed message regarding
potential issues I did what I should have done in the first place:
on my open bsd box I tried to telnet 127.0.0.1 and guess what?
Kerberos IV authorization also failed. I've examined the issue and
it's an OS (or person who installed the OS implementation) issue and
not a ktelnet issue at all.
At the same time, my client's lawyer examined the licensing and
approved the deployment. My employer wants me to concentrate on KRB5
and not KRB4 because of the native support in Win2k professional
(deployment time frame: 4th Q 2000). Does anyone know if Ktelnet
supports KRB5?
Thanks for all your folks!
Sam
> -----Original Message-----
> From: owner-ktelnet-talkers@stacken.kth.se
> [mailto:owner-ktelnet-talkers@stacken.kth.se]On Behalf Of
> Thomas Nystrom
> Sent: Wednesday, April 19, 2000 4:57 AM
> To: Sam Stern
> Cc: jaltman@columbia.edu; Ktelnet-Talkers
> Subject: RE: Ktelnet V1.03.950 and OpenBSD 2.6
>
>
> "Sam Stern" <samstern@mailandnews.com>:
> > >
> > > "Can't decode the authenticator" means that the Telnet
> Server could
> > > not decode the ticket provided by the client. This
> means that the
> > > server does not have access to a keytab containing the
> appropriate
> > > key; the key has changed since the last keytab update;
> or the client
> > > is sending a ticket for the wrong host.
> >
> > Hmm. I'll check my configuration perhaps I set Kerberos up
> > incorrectly. Perhaps it's an OS side issue and not a client issue.
> >
> > Thanks for the clue.
> >
>
> Check also the daytime on the server and on the client,
> usally you get
> a "Time is out of bounds" error if this is the cause but it
> might also
> show up as a "Can't decode authenticator"!
>
> /thn
>
From owner-ktelnet-talkers@stacken.kth.se Thu Apr 20 00:29:45 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id AAA07009
for ktelnet-talkers-list; Thu, 20 Apr 2000 00:29:34 +0200 (MET DST)
Received: from watsun.cc.columbia.edu (IDENT:cu51491@watsun.cc.columbia.edu [128.59.39.2])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id AAA07004;
Thu, 20 Apr 2000 00:29:30 +0200 (MET DST)
Received: (from jaltman@localhost)
by watsun.cc.columbia.edu (8.8.5/8.8.5) id SAA10881;
Wed, 19 Apr 2000 18:29:12 -0400 (EDT)
Date: Wed, 19 Apr 2000 18:29:12 EDT
From: Jeffrey Altman <jaltman@columbia.edu>
Reply-To: jaltman@columbia.edu
To: "Sam Stern" <samstern@mailandnews.com>
Cc: "Thomas Nystrom" <thn@stacken.kth.se>,
"Ktelnet-Talkers" <ktelnet-talkers@stacken.kth.se>
Subject: RE: Ktelnet V1.03.950 and OpenBSD 2.6
In-Reply-To: Your message of Wed, 19 Apr 2000 18:27:16 -0400
Message-ID: <CMM.0.90.4.956183352.jaltman@watsun.cc.columbia.edu>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
> Thomas,
>
> Thanks for your reply regarding this issue. I have both systems
> running NTP off of the same server (ntp.css.gov). I checked the time
> difference between the systems and found less than second's
> difference.
>
> However, the problem seems to be an implementation issue and not a
> Ktelnet issue. After receiving Mr. Altman's detailed message regarding
> potential issues I did what I should have done in the first place:
>
> on my open bsd box I tried to telnet 127.0.0.1 and guess what?
> Kerberos IV authorization also failed. I've examined the issue and
> it's an OS (or person who installed the OS implementation) issue and
> not a ktelnet issue at all.
>
> At the same time, my client's lawyer examined the licensing and
> approved the deployment. My employer wants me to concentrate on KRB5
> and not KRB4 because of the native support in Win2k professional
> (deployment time frame: 4th Q 2000). Does anyone know if Ktelnet
> supports KRB5?
telnet 127.0.0.1 will always fail because you do not have a service
principal host/localhost@REALM
You would need to to the real IP address.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * kermit-support@kermit-project.org
From owner-ktelnet-talkers@stacken.kth.se Thu Apr 20 08:50:00 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id IAA16203
for ktelnet-talkers-list; Thu, 20 Apr 2000 08:49:58 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id IAA16199
for <ktelnet-talkers@stacken.kth.se>; Thu, 20 Apr 2000 08:49:55 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id IAA14962
for "Ktelnet-Talkers" <ktelnet-talkers@stacken.kth.se>; Thu, 20 Apr 2000 08:49:54 +0200 (MET DST)
Date: Thu, 20 Apr 2000 8:49:53 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: "Ktelnet-Talkers" <ktelnet-talkers@stacken.kth.se>
Subject: RE: Ktelnet V1.03.950 and OpenBSD 2.6
In-Reply-To: Your message of Wed, 19 Apr 2000 18:27:16 -0400
Message-ID: <CMM.0.90.4.956213393.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
"Sam Stern" <samstern@mailandnews.com>:
> Thomas,
>
> At the same time, my client's lawyer examined the licensing and
> approved the deployment. My employer wants me to concentrate on KRB5
> and not KRB4 because of the native support in Win2k professional
> (deployment time frame: 4th Q 2000). Does anyone know if Ktelnet
> supports KRB5?
>
No, KTelnet doesn't support KRB5. Yet.
I will before the summer release V2 of KTelnet and it will have
some new features lika a graphical FTP client.
After that I will start working on V3 and the main issue for V3 is
support for KRB5!
/thn
From owner-ktelnet-talkers@stacken.kth.se Thu Apr 20 16:07:41 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id QAA24781
for ktelnet-talkers-list; Thu, 20 Apr 2000 16:07:39 +0200 (MET DST)
Received: from mail2.registeredsite.com (IDENT:root@mail2.registeredsite.com [209.35.159.13])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id QAA24777
for <ktelnet-talkers@stacken.kth.se>; Thu, 20 Apr 2000 16:07:34 +0200 (MET DST)
Received: from mail.ahlander.com ([216.247.73.121])
by mail2.registeredsite.com (8.9.3/8.9.3) with ESMTP id JAA02769
for <ktelnet-talkers@stacken.kth.se>; Thu, 20 Apr 2000 09:06:44 -0400
Received: from p200 [62.20.218.96] by mail.ahlander.com
(SMTPD32-6.00) id AEC42DE100A6; Thu, 20 Apr 2000 10:05:56 -0400
From: "=?iso-8859-1?Q?Henrik_=C5hlander?=" <henrik@ahlander.com>
To: "Ktelnet-Talkers" <ktelnet-talkers@stacken.kth.se>
Subject: =?iso-8859-1?Q?f=F6rslag_till_f=F6rb=E4ttring_+_tack!?=
Date: Thu, 20 Apr 2000 16:07:21 +0200
Message-ID: <000001bfaad1$bf19f760$0101a8c0@p200>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
Importance: Normal
In-Reply-To: <CMM.0.90.4.956213393.thn@pizza.stacken.kth.se>
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Hej Ktelnet-folk,
Jag började nyligen använda kpop proxy server för att hämta mina kthmail.
Ett mycket användbart program! Tack för det!
Jag har ett förslag till förbättring:
När man kollat mailen och sedan kopplar ned Internet och kopplar upp igen
och sedan kollar mailen så får man upp en ruta där man får logga in igen
eftersom den gamla kerberosbiljetten inte fungerar med den nya ipadressen.
Denna ruta dyker dock inte upp längst fram på skärmen utan lägger sig i
bakgrunden bakom andra program. Det borde väl inte vara så svårt att ordna
till nästa version? Det vore också bra om markören kunde hamna på
lösenordsrutan automatiskt så att man slipper använda musen.
I övrigt har jag bara stört mig på att man får skriva in lösenordet uppemot
20 gånger per dag men jag antar att ni har några absurda säkerhetskrav på
er?
Tack än en gång det trevliga programmet,
Henrik Åhlander
e99:a
From owner-ktelnet-talkers@stacken.kth.se Thu Apr 20 17:55:53 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id RAA27140
for ktelnet-talkers-list; Thu, 20 Apr 2000 17:55:52 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id RAA27136;
Thu, 20 Apr 2000 17:55:46 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id RAA22127;
Thu, 20 Apr 2000 17:55:46 +0200 (MET DST)
Date: Thu, 20 Apr 2000 17:55:45 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: "=?iso-8859-1?Q?Henrik_=C5hlander?=" <henrik@ahlander.com>
Subject: Re: =?iso-8859-1?Q?f=F6rslag_till_f=F6rb=E4ttring_+_tack!?=
In-Reply-To: Your message of Thu, 20 Apr 2000 16:07:21 +0200
Cc: "Ktelnet-Talkers" <ktelnet-talkers@stacken.kth.se>
Message-ID: <CMM.0.90.4.956246145.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
<henrik@ahlander.com>:
> Hej Ktelnet-folk,
>
Sorry, wrong language!
> Jag bvrjade nyligen anvdnda kpop proxy server fvr att hdmta mina kthmail.
> Ett mycket anvdndbart program! Tack fvr det!
>
> Jag har ett fvrslag till fvrbdttring:
> Ndr man kollat mailen och sedan kopplar ned Internet och kopplar upp igen
> och sedan kollar mailen se fer man upp en ruta ddr man fer logga in igen
> eftersom den gamla kerberosbiljetten inte fungerar med den nya ipadressen.
> Denna ruta dyker dock inte upp ldngst fram pe skdrmen utan ldgger sig i
> bakgrunden bakom andra program. Det borde vdl inte vara se svert att ordna
> till ndsta version? Det vore ockse bra om markvren kunde hamna pe
> lvsenordsrutan automatiskt se att man slipper anvdnda musen.
>
For non swedish speakers: He wants to have a function that the KTelnet
package brings up the dialogbox for the password in the front of all
other windows. He also wants to have the system automatically place
the cursor in the password field in the dialog.
I have tried to implement this function and it was not easy but I
think it should work! You can get the cursor in the password field by
checking the flag 'Go to password' on the Main properties tab!
> I vvrigt har jag bara stvrt mig pe att man fer skriva in lvsenordet uppemot
> 20 genger per dag men jag antar att ni har negra absurda sdkerhetskrav pe
> er?
>
Non swedish: Now he complains that he has to type his password several
times during a day because he uses a dial-up facility and gets
different IP-addresses each time.
Yes, you must do that. How could the host otherwise know that the
tickets that is used is for the correct guy, the IP-address is used as
the main identification to know that the ticket is valid!
/thn
From owner-ktelnet-talkers@stacken.kth.se Thu Apr 20 18:45:02 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id SAA28417
for ktelnet-talkers-list; Thu, 20 Apr 2000 18:45:01 +0200 (MET DST)
Received: from localhost.localdomain (IDENT:root@[209.35.159.16])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id SAA28413
for <ktelnet-talkers@stacken.kth.se>; Thu, 20 Apr 2000 18:44:56 +0200 (MET DST)
Received: from mail.ahlander.com ([216.247.73.121])
by localhost.localdomain (8.9.3/8.9.3) with ESMTP id LAA23790
for <ktelnet-talkers@stacken.kth.se>; Thu, 20 Apr 2000 11:43:00 -0400
Received: from p200 [62.20.219.52] by mail.ahlander.com
(SMTPD32-6.00) id A3A4C31005E; Thu, 20 Apr 2000 12:43:16 -0400
From: "=?iso-8859-1?Q?Henrik_=C5hlander?=" <henrik@ahlander.com>
To: "Ktelnet-Talkers" <ktelnet-talkers@stacken.kth.se>
Subject: =?iso-8859-1?Q?RE:_f=F6rslag_till_f=F6rb=E4ttring_+_tack!?=
Date: Thu, 20 Apr 2000 18:44:41 +0200
Message-ID: <000001bfaae7$b9a48f00$0101a8c0@p200>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
Importance: Normal
In-Reply-To: <CMM.0.90.4.956246145.thn@pizza.stacken.kth.se>
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
> Non swedish: Now he complains that he has to type his password several
> times during a day because he uses a dial-up facility and gets
> different IP-addresses each time.
>
> Yes, you must do that. How could the host otherwise know that the
> tickets that is used is for the correct guy, the IP-address is used as
> the main identification to know that the ticket is valid!
Like every other userfriendly email and ftp program the client could save
the password in a crypted file or at least kpopproxy could remember it while
it's still running. But if you think someone will hack my computer I can
understand your answer. But there are programs thats checks what the user
writes (for example Netbus) so that isn't 100% secure either.
Thanks any way for your answer,
Henrik
From owner-ktelnet-talkers@stacken.kth.se Sat May 6 21:16:11 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id VAA22403
for ktelnet-talkers-list; Sat, 6 May 2000 21:16:05 +0200 (MET DST)
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id VAA22398
for ktelnet-announce-list; Sat, 6 May 2000 21:16:01 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id VAA22389
for <ktelnet-announce@stacken.kth.se>; Sat, 6 May 2000 21:15:57 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id VAA19795
for ktelnet-announce@stacken.kth.se; Sat, 6 May 2000 21:15:56 +0200 (MET DST)
Date: Sat, 6 May 2000 21:15:56 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: ktelnet-announce@stacken.kth.se
Subject: KTelnet V2.00.950 now ready for download
Message-ID: <CMM.0.90.4.957640556.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
New features in V2.00.950 of KTelnet are:
* Graphical FTP client.
* TELNET through firewalls that supports the HTTP CONNECT command.
* Support for international character sets.
* Profiles to handle different settings for different hosts.
* Better handling of installation under NT.
* Possible to give parameters on commandline for serial port.
You find the latest version on:
http://www.stacken.kth.se/~thn/ktelnet
/thn
From owner-ktelnet-talkers@stacken.kth.se Fri Jun 16 17:53:45 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id RAA28294
for ktelnet-talkers-list; Fri, 16 Jun 2000 17:53:39 +0200 (MET DST)
Received: from mailserv.atco.ca (atcocul4.atco.ca [192.210.10.253])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id RAA28290
for <ktelnet-talkers@stacken.kth.se>; Fri, 16 Jun 2000 17:53:35 +0200 (MET DST)
Received: from gpudocs.atco.ca ([141.118.115.184])
by mailserv.atco.ca with esmtp (Exim 3.10 #1)
for ktelnet-talkers@stacken.kth.se
id 132yQa-0001ub-00; Fri, 16 Jun 2000 09:53:04 -0600
Received: from XXXXX by gpudocs.atco.ca with local (Exim 3.10 #1)
for ktelnet-talkers@stacken.kth.se
id 132yQZ-00075e-00; Fri, 16 Jun 2000 09:53:03 -0600
To: ktelnet-talkers@stacken.kth.se
Subject: New member
Message-Id: <E132yQZ-00075e-00@gpudocs.atco.ca>
From: Michael Houle <michael.houle@atcoitek.com>
Date: Fri, 16 Jun 2000 09:53:03 -0600
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Hello,
This is my first post. Is there a FAQ for this software ?
I've read the manual but can't get it to work still. I'd
post the question but I'd rather see if there is a FAQ first.
Regards,
Mike.
From owner-ktelnet-talkers@stacken.kth.se Wed Jun 21 16:00:21 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id QAA10399
for ktelnet-talkers-list; Wed, 21 Jun 2000 16:00:11 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id PAA10395;
Wed, 21 Jun 2000 15:59:57 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id PAA23193;
Wed, 21 Jun 2000 15:59:56 +0200 (MET DST)
Date: Wed, 21 Jun 2000 15:59:56 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: Michael Houle <michael.houle@atcoitek.com>
Cc: ktelnet-talkers@stacken.kth.se
Subject: Re: New member
In-Reply-To: Your message of Fri, 16 Jun 2000 09:53:03 -0600
Message-ID: <CMM.0.90.4.961595996.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
No, there is no FAQ for KTELNET, but in the manual for V2.00.950 I
have included a solution for two common problems!
One thing to know is that KTELNET is currently not capable of talking
Kerberos V5! Support for this will be included in a future release!
/thn
From owner-ktelnet-talkers@stacken.kth.se Mon Jun 26 14:52:01 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id OAA18302
for ktelnet-talkers-list; Mon, 26 Jun 2000 14:51:32 +0200 (MET DST)
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id OAA18297
for ktelnet-announce-list; Mon, 26 Jun 2000 14:51:28 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id OAA18293
for <ktelnet-announce@stacken.kth.se>; Mon, 26 Jun 2000 14:51:25 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id OAA05177
for ktelnet-announce@stacken.kth.se; Mon, 26 Jun 2000 14:51:24 +0200 (MET DST)
Date: Mon, 26 Jun 2000 14:51:24 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: ktelnet-announce@stacken.kth.se
Subject: New release of KTELNET, V2.01.950
Message-ID: <CMM.0.90.4.962023884.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
New feature: Added suport for interrealm authentication.
and also some bug-fixes.
Available for download from http://www.stacken.kth.se/~thn/ktelnet
/thn
From owner-ktelnet-talkers@stacken.kth.se Wed Jul 12 00:06:32 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id AAA18372
for ktelnet-talkers-list; Wed, 12 Jul 2000 00:06:26 +0200 (MET DST)
Received: from mailserv.atco.ca (atcocul4.atco.ca [192.210.10.253])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id AAA18364
for <ktelnet-talkers@stacken.kth.se>; Wed, 12 Jul 2000 00:06:17 +0200 (MET DST)
Received: from gpuserv.atco.ca ([141.118.115.150])
by mailserv.atco.ca with esmtp (Exim 3.10 #1)
for ktelnet-talkers@stacken.kth.se
id 13C89u-0004Rd-00; Tue, 11 Jul 2000 16:05:42 -0600
Received: from XXXXX by gpuserv.atco.ca with local (Exim 3.10 #1)
for ktelnet-talkers@stacken.kth.se
id 13C89t-0000va-00; Tue, 11 Jul 2000 16:05:41 -0600
To: ktelnet-talkers@stacken.kth.se
Subject: kerberos 5
Message-Id: <E13C89t-0000va-00@gpuserv.atco.ca>
From: Michael Houle <michael.houle@atcoitek.com>
Date: Tue, 11 Jul 2000 16:05:41 -0600
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Hello Folks,
Pardon the potentially useless question but:
Can anyone tell me when Kerb5 support is expected to be
included in this package ?
Thanks,
Mike
From owner-ktelnet-talkers@stacken.kth.se Wed Jul 12 08:20:32 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id IAA27191
for ktelnet-talkers-list; Wed, 12 Jul 2000 08:20:30 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id IAA27185;
Wed, 12 Jul 2000 08:20:19 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id IAA07018;
Wed, 12 Jul 2000 08:20:19 +0200 (MET DST)
Date: Wed, 12 Jul 2000 8:20:18 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: Michael Houle <michael.houle@atcoitek.com>
Cc: ktelnet-talkers@stacken.kth.se
Subject: Re: kerberos 5
In-Reply-To: Your message of Tue, 11 Jul 2000 16:05:41 -0600
Message-ID: <CMM.0.90.4.963382818.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
I plan to include Kerberos 5 support in the next major release but I
have no timeplan for it....
/thn
From owner-ktelnet-talkers@stacken.kth.se Thu Jul 20 08:25:59 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id IAA06685
for ktelnet-talkers-list; Thu, 20 Jul 2000 08:25:34 +0200 (MET DST)
Received: from master.tch.de (root@[212.59.40.136])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id IAA06681
for <ktelnet-talkers@stacken.kth.se>; Thu, 20 Jul 2000 08:25:31 +0200 (MET DST)
Received: (from muenkel@localhost)
by master.tch.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) id IAA28567;
Thu, 20 Jul 2000 08:27:00 +0200
From: Heiko Muenkel <muenkel@tch.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14710.39860.549135.177786@master.tch.de>
Date: Thu, 20 Jul 2000 08:27:00 +0200 (MEST)
To: ktelnet-talkers@stacken.kth.se
Subject: Problem with ktelnet and Linux Kerberos
X-Mailer: VM 6.71 under 21.1 (patch 8) "Bryce Canyon" XEmacs Lucid
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Hi,
I've a Redhat Kerberos installation running on Linux PC's. Everything
works fine on these PC's (I can use Kerberos ftp and telnet between
them), but I can't use the Ktelnet ftp or telnet program on a Windows
98 PC to connect to the PC's in the Linux realm. With ktelnet ftp I'll
get the TGT and also the ftp ticket, but then I'll get the following
error message from the Linux ftp daemon:
ADAT: Kerberos V4 krb_rd_req: Can't decode authenticator (krb_rd_req)
Any ideas, what's going wrong? Was anyone able to connect with ktelnet
to a Linux PC or maybe to a Unix workstation running a MIT Kerberos
installation? Is there a FAQ for such problems?
Thanks for your help,
Heiko
From owner-ktelnet-talkers@stacken.kth.se Thu Jul 20 08:45:59 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id IAA06999
for ktelnet-talkers-list; Thu, 20 Jul 2000 08:45:58 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id IAA06995;
Thu, 20 Jul 2000 08:45:53 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id IAA09255;
Thu, 20 Jul 2000 08:45:53 +0200 (MET DST)
Date: Thu, 20 Jul 2000 8:45:52 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: Heiko Muenkel <muenkel@tch.de>
Cc: ktelnet-talkers@stacken.kth.se
Subject: Re: Problem with ktelnet and Linux Kerberos
In-Reply-To: Your message of Thu, 20 Jul 2000 08:27:00 +0200 (MEST)
Message-ID: <CMM.0.90.4.964075552.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Heiko Muenkel <muenkel@tch.de>:
>
> Hi,
>
Hello!
> I've a Redhat Kerberos installation running on Linux PC's. Everything
> works fine on these PC's (I can use Kerberos ftp and telnet between
> them), but I can't use the Ktelnet ftp or telnet program on a Windows
> 98 PC to connect to the PC's in the Linux realm. With ktelnet ftp I'll
> get the TGT and also the ftp ticket, but then I'll get the following
> error message from the Linux ftp daemon:
>
> ADAT: Kerberos V4 krb_rd_req: Can't decode authenticator (krb_rd_req)
>
> Any ideas, what's going wrong? Was anyone able to connect with ktelnet
> to a Linux PC or maybe to a Unix workstation running a MIT Kerberos
> installation? Is there a FAQ for such problems?
>
How are the machines connected together, are there any firewalls
between them (for example something doing NAT)?
Have you checked the time (and timezone) on the Windows machine:
Usally it is not allowed to differ more then 5 minutes from the
servers. You can try to set 'kdc_timesync' to 'Yes' in krb.extra
in KTelnet to solve this problem.
Which version of KTelnet do you have?
If you tries to telnet into the Linux machines with KTelnet, what kind
of problems do you get?
I have described the solution to two common problems in the manuel:
The message 'Time is out of bounds' and that telnet works but not FTP.
/thn
From owner-ktelnet-talkers@stacken.kth.se Thu Jul 20 20:36:50 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id UAA21247
for ktelnet-talkers-list; Thu, 20 Jul 2000 20:36:48 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id UAA21243;
Thu, 20 Jul 2000 20:36:43 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id UAA20524;
Thu, 20 Jul 2000 20:36:42 +0200 (MET DST)
Date: Thu, 20 Jul 2000 20:36:41 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: Heiko Muenkel <muenkel@tch.de>
Subject: Re: Problem with ktelnet and Linux Kerberos
In-Reply-To: Your message of Thu, 20 Jul 2000 17:07:08 +0200 (MEST)
Cc: ktelnet-talkers@stacken.kth.se
Message-ID: <CMM.0.90.4.964118201.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Stop!
I have solved the problem: You linux-machines is using Kerberos 5,
KTelnet doesn't support Kerberos 5!
But: You have also find a problem with KTelnet: If it can't find
Kerberos 4 it didn't send back a message saying that it could not
support it: therefore the connection appears to be hung.
Your KDC support Kerberos 4 and gives you Kerberos 4 tickets but
your FTPD and your TELNETD expects and supports only Kerberos 5.
Sorry, you can't use KTelnet for the moment, I am planning to
include Kerberos 5 support but I don't have any timeschedule
for it!
/thn
From owner-ktelnet-talkers@stacken.kth.se Fri Jul 21 10:05:07 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id KAA07801
for ktelnet-talkers-list; Fri, 21 Jul 2000 10:04:30 +0200 (MET DST)
Received: from master.tch.de (root@[212.59.40.136])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id KAA07796;
Fri, 21 Jul 2000 10:04:22 +0200 (MET DST)
Received: (from muenkel@localhost)
by master.tch.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) id KAA06007;
Fri, 21 Jul 2000 10:04:17 +0200
From: Heiko Muenkel <muenkel@tch.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14712.1020.797424.613567@master.tch.de>
Date: Fri, 21 Jul 2000 10:04:12 +0200 (MEST)
To: thn@stacken.kth.se
Cc: ktelnet-talkers@stacken.kth.se
Subject: Re: Problem with ktelnet and Linux Kerberos
In-Reply-To: <CMM.0.90.4.964118201.thn@pizza.stacken.kth.se>
References: <CMM.0.90.4.964118201.thn@pizza.stacken.kth.se>
X-Mailer: VM 6.71 under 21.1 (patch 8) "Bryce Canyon" XEmacs Lucid
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Thomas Nystrom writes:
> Stop!
>
> I have solved the problem: You linux-machines is using Kerberos 5,
> KTelnet doesn't support Kerberos 5!
>
> But: You have also find a problem with KTelnet: If it can't find
> Kerberos 4 it didn't send back a message saying that it could not
> support it: therefore the connection appears to be hung.
>
> Your KDC support Kerberos 4 and gives you Kerberos 4 tickets but
> your FTPD and your TELNETD expects and supports only Kerberos 5.
>
> Sorry, you can't use KTelnet for the moment, I am planning to
> include Kerberos 5 support but I don't have any timeschedule
> for it!
>
> /thn
>
>
Thanks for your help. I thaught that the daemon also supports
Kerberos 4, because the rest (KDC) of the redhat binary distribution
does it. I'll try to get the sources and try to compile them with
support for kerberos 4.
I've another question. Would it be hard to change KFtp, so that it
uses not the standard ftp port?
By the way, thanks for writing this nice packet!
Regards to Sweden from the Expo-City Hannover,
Heiko
From owner-ktelnet-talkers@stacken.kth.se Fri Jul 21 11:25:08 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id LAA09271
for ktelnet-talkers-list; Fri, 21 Jul 2000 11:25:06 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id LAA09267;
Fri, 21 Jul 2000 11:25:01 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id LAA03939;
Fri, 21 Jul 2000 11:25:00 +0200 (MET DST)
Date: Fri, 21 Jul 2000 11:25:00 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: Heiko Muenkel <muenkel@tch.de>
Cc: ktelnet-talkers@stacken.kth.se
Subject: Re: Problem with ktelnet and Linux Kerberos
In-Reply-To: Your message of Fri, 21 Jul 2000 10:04:12 +0200 (MEST)
Message-ID: <CMM.0.90.4.964171500.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Heiko Muenkel <muenkel@tch.de>:
> I've another question. Would it be hard to change KFtp, so that it
> uses not the standard ftp port?
>
No, I think that should be rather easy...
> By the way, thanks for writing this nice packet!
>
Tanks!
/thn
From owner-ktelnet-talkers@stacken.kth.se Tue Jul 25 16:48:28 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id QAA28826
for ktelnet-talkers-list; Tue, 25 Jul 2000 16:48:01 +0200 (MET DST)
Received: from master.tch.de (root@[212.59.40.136])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id QAA28821;
Tue, 25 Jul 2000 16:47:57 +0200 (MET DST)
Received: (from muenkel@localhost)
by master.tch.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) id QAA16613;
Tue, 25 Jul 2000 16:47:27 +0200
From: Heiko Muenkel <muenkel@tch.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14717.43134.709538.22549@master.tch.de>
Date: Tue, 25 Jul 2000 16:47:26 +0200 (MEST)
To: thn@stacken.kth.se
Cc: ktelnet-talkers@stacken.kth.se
Subject: Re: Problem with ktelnet and Linux Kerberos
In-Reply-To: <CMM.0.90.4.964118201.thn@pizza.stacken.kth.se>
References: <CMM.0.90.4.964118201.thn@pizza.stacken.kth.se>
X-Mailer: VM 6.71 under 21.1 (patch 8) "Bryce Canyon" XEmacs Lucid
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
In the meantime I've found out who to make my Kerberos 5 Server `more'
Kerberos 4 compatible. I'm now able to connect from a Linux client
host with a Kerberos 4 ftp and telnet to a Kerberos 5 server. But I
still can't connect with kftp or ktelnet (ktelnet now doesn't hang, it
prints a similar error message). The error message lokks like: "Can't
decode authenticator ...)". Is it possible, that different
encoding/decoding algorithmn are used? Do you you know, which coding
algorithmn are used by Ktelnet?
In my configuration file on the Kerberos server I've the line
default_etypes = des-cbc-md5 des-cbc-crc
Thomas Nystrom writes:
> Stop!
>
> I have solved the problem: You linux-machines is using Kerberos 5,
> KTelnet doesn't support Kerberos 5!
>
> But: You have also find a problem with KTelnet: If it can't find
> Kerberos 4 it didn't send back a message saying that it could not
> support it: therefore the connection appears to be hung.
>
> Your KDC support Kerberos 4 and gives you Kerberos 4 tickets but
> your FTPD and your TELNETD expects and supports only Kerberos 5.
>
> Sorry, you can't use KTelnet for the moment, I am planning to
> include Kerberos 5 support but I don't have any timeschedule
> for it!
>
> /thn
>
>
From owner-ktelnet-talkers@stacken.kth.se Tue Jul 25 17:21:16 2000
Received: (from majordom@localhost)
by brev.stacken.kth.se (8.9.3/8.9.3) id RAA29573
for ktelnet-talkers-list; Tue, 25 Jul 2000 17:21:15 +0200 (MET DST)
Received: from pizza.stacken.kth.se (pizza.stacken.kth.se [130.237.234.73])
by brev.stacken.kth.se (8.9.3/8.9.3) with ESMTP id RAA29565;
Tue, 25 Jul 2000 17:21:10 +0200 (MET DST)
Received: (from thn@localhost)
by pizza.stacken.kth.se (8.8.7/8.8.7) id RAA15091;
Tue, 25 Jul 2000 17:21:09 +0200 (MET DST)
Date: Tue, 25 Jul 2000 17:21:08 MET DST
From: Thomas Nystrom <thn@stacken.kth.se>
To: Heiko Muenkel <muenkel@tch.de>
Cc: ktelnet-talkers@stacken.kth.se
Subject: Re: Problem with ktelnet and Linux Kerberos
In-Reply-To: Your message of Tue, 25 Jul 2000 16:47:26 +0200 (MEST)
Message-ID: <CMM.0.90.4.964538468.thn@pizza.stacken.kth.se>
Sender: owner-ktelnet-talkers@stacken.kth.se
Precedence: bulk
Heiko Muenkel <muenkel@tch.de>:
> In the meantime I've found out who to make my Kerberos 5 Server `more'
> Kerberos 4 compatible. I'm now able to connect from a Linux client
> host with a Kerberos 4 ftp and telnet to a Kerberos 5 server. But I
> still can't connect with kftp or ktelnet (ktelnet now doesn't hang, it
> prints a similar error message). The error message lokks like: "Can't
> decode authenticator ...)". Is it possible, that different
> encoding/decoding algorithmn are used? Do you you know, which coding
> algorithmn are used by Ktelnet?
As far as I know there are only one coding algorithm used by Kerberos 4
(for the ticket encoding/decoding)! If you comes so far that you gets
the message "Can't decode..." it means that KTelnet has sent the
ticket to your telnetd. To be able to do that KTelnet has decoded your
ticket-granting-ticket (your password is the key) and requested a
rcmd.foo ticket for your destination machine. I think that you should
check your telnet-server and specially your /etc/srvtab on that
machine, if not the needed keys are in srvtab you will also get the
"Can't decode...." message.
>
> In my configuration file on the Kerberos server I've the line
> default_etypes = des-cbc-md5 des-cbc-crc
Is this the encoding of the tickets or encoding of the datastream?
/thn