Package: inetutils-telnet Version: 1.5.dfsg.1-2 Tags: patch Hi! Thanks for linking to Shishi for Kerberos 5 authentication! Alas, it doesn't quite work. :(
I debugged the problem and the patch to fix this is below. A typical error message would be: [EMAIL PROTECTED]:~$ telnet -a my.nada.kth.se Trying 130.237.226.234... Encryption is verbose Automatic decryption of input is enabled Automatic encryption of output is enabled Will send login name and/or authentication information. Connected to my.nada.kth.se. Escape character is '^]'. [ Kerberos V5 refuses authentication because Read req failed: Service key not available ] [ Kerberos V5 refuses authentication because Read req failed: Service key not available ] telnetd: Authorization failed. Connection closed by foreign host. [EMAIL PROTECTED]:~$ The patch below solves this, and now it works: [EMAIL PROTECTED]:~$ ~/src/inetutils/telnet/telnet -a my.nada.kth.se Trying 130.237.226.234... Encryption is verbose Automatic decryption of input is enabled Automatic encryption of output is enabled Will send login name and/or authentication information. Connected to my.nada.kth.se. Escape character is '^]'. [ Kerberos V5 accepts you as [EMAIL PROTECTED]'' (server authenticated) ] [ Output is now encrypted with type DES_CFB64 ] [ Input is now decrypted with type DES_CFB64 ] ... See also: http://thread.gmane.org/gmane.comp.gnu.inetutils.bugs/1346 I know it is late, but any chance of getting this into etch? It is arguable an 'important' severity, and approving a new package with this minimal patch might be possible. Thanks, Simon 2007-03-13 Simon Josefsson <[EMAIL PROTECTED]> * libtelnet/shishi.c (krb5shishi_send): Don't set a use-session-key ap-options, that is for user2user authentication which is not appropriate here. --- shishi.c 08 Mar 2007 15:02:20 +0100 1.2 +++ shishi.c 13 Mar 2007 17:31:30 +0100 @@ -1,4 +1,4 @@ -/* Copyright (C) 2002, 2003 Simon Josefsson +/* Copyright (C) 2002, 2003, 2007 Simon Josefsson Copyright (C) 2003 Free Software Foundation, Inc. This file is part of Shishi / GNU Inetutils. @@ -169,10 +169,6 @@ else ap_opts = 0; -# ifdef ENCRYPTION - ap_opts |= SHISHI_APOPTIONS_USE_SESSION_KEY; -# endif /* ENCRYPTION */ - type_check[0] = ap->type; type_check[1] = ap->way; -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
