All,

I have set up a Shishi KDC for interop purposes on interop.josefsson.org. The server is running Ubuntu 12.04 with Shishi installed from packages. The machine configuration is public; the Shishi-specific parts are here:

https://www.gitorious.org/cosmos/sjd-cosmos/blobs/master/interop.josefsson.org/pre-tasks.d/910shishi
https://www.gitorious.org/cosmos/sjd-cosmos/blobs/master/interop.josefsson.org/post-tasks.d/920shishi

You can test it by invoking 'shishi [email protected]' as a client. The password is 'pencil'. Of course, MIT/Heimdal clients should work as well. See simple transcript here:

jas@latte:~$ shishi [email protected]
Enter password for `[email protected]':
[email protected]:
Authtime: Wed Aug 8 15:03:14 2012
Endtime: Wed Aug 8 23:03:12 2012
Server: krbtgt/interop.josefsson.org key aes256-cts-hmac-sha1-96 (18)
Ticket key: aes256-cts-hmac-sha1-96 (18) protected by aes256-cts-hmac-sha1-96 (18)
Ticket flags: INITIAL (512)
jas@latte:~$

Or using MIT Kerberos:

jas@latte:~$ kinit user
Password for [email protected]:
jas@latte:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: [email protected]

Valid starting       Expires              Service principal
2012-08-08 15:04:16  2012-08-09 15:04:14  krbtgt/[email protected]
jas@latte:~$

Or using Heimdal:

jas@latte:~$ kinit user
[email protected]'s Password:
jas@latte:~$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
        Principal: [email protected]

Issued                Expires               Principal
Aug 8 15:06:42 2012   Aug 9 01:06:38 2012   krbtgt/[email protected]
jas@latte:~$

If you want to test a Kerberized client against the server, there is also a telnetd running on the machine, and it accepts Kerberos login for the user 'user' for the principal [email protected]. The telnetd server is GNU InetUtils, also from Ubuntu packages.

To test it on the client side, you can install the 'inetutils-telnet' package on your machine. Put 'default-realm interop.josefsson.org' in your ~/.shishi/shishi.conf to configure Shishi for this realm. Make sure you have tickets (see above) and then try it like this:

jas@latte:~$ inetutils-telnet -l user interop.josefsson.org
Trying 178.79.173.181...
Automatic decryption of input is enabled
Automatic encryption of output is enabled
Will send login name and/or authentication information.
Encryption is verbose
Connected to interop.josefsson.org.
Escape character is '^]'.
[ Kerberos V5 accepts you as ``interop.josefsson.org'' (server authenticated) ]
[ Output is now encrypted with type DES_CFB64 ]
[ Input is now decrypted with type DES_CFB64 ]
...
Connection closed by foreign host.
jas@latte:~$

This is with a ~/.telnetrc file that contains:

DEFAULT environ export XAUTHORITY
 set autodecrypt
 set autoencrypt
 set autologin
# set authdebug
 set verbose_encrypt

Unfortunately, MIT and Heimdal telnet clients don't appear to deal with AES keys (sigh!) so you can't connect to it using MIT telnet.

/Simon

_______________________________________________
Help-shishi mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-shishi
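
Added example, not part of the original message: a small Python check that reads the shishi ticket listing and the telnet encryption banners shown in the transcripts above and reports the ticket enctype next to the cipher the telnet session negotiated. The sample text is copied from those transcripts; the function and constant names are made up for this illustration, and the deprecated-etype set is an assumption taken from RFC 6649 and RFC 8429.

```python
import re

# Sample lines copied from the shishi and inetutils-telnet transcripts above.
SAMPLE = """\
Server: krbtgt/interop.josefsson.org key aes256-cts-hmac-sha1-96 (18)
Ticket key: aes256-cts-hmac-sha1-96 (18) protected by aes256-cts-hmac-sha1-96 (18)
Ticket flags: INITIAL (512)
[ Kerberos V5 accepts you as ``interop.josefsson.org'' (server authenticated) ]
[ Output is now encrypted with type DES_CFB64 ]
[ Input is now decrypted with type DES_CFB64 ]
"""

# Kerberos etype numbers deprecated by RFC 6649 (single DES) and RFC 8429 (3DES, RC4).
DEPRECATED_ETYPES = {1, 2, 3, 16, 23}

ETYPE_RE = re.compile(r"([a-z0-9-]+) \((\d+)\)")
STREAM_RE = re.compile(r"\[ (Output|Input) is now (?:en|de)crypted with type (\S+) \]")


def audit(transcript):
    """Return ticket etypes, telnet stream ciphers and findings for a transcript."""
    etypes, streams, findings = set(), {}, []
    for line in transcript.splitlines():
        line = line.strip()
        # Only the key lines of the shishi listing carry "name (number)" etypes.
        if line.startswith(("Server:", "Ticket key:")):
            for name, num in ETYPE_RE.findall(line):
                etypes.add((name, int(num)))
        m = STREAM_RE.search(line)
        if m:
            streams[m.group(1)] = m.group(2)
    for name, num in sorted(etypes):
        if num in DEPRECATED_ETYPES:
            findings.append(f"ticket uses deprecated etype {name} ({num})")
    for direction, cipher in sorted(streams.items()):
        # DES_CFB64 / DES_OFB64 are single-DES stream modes; DES3_* names do not match.
        if cipher.startswith("DES_"):
            findings.append(f"telnet {direction} stream uses single-DES {cipher}")
    return {"etypes": etypes, "streams": streams, "findings": findings}


if __name__ == "__main__":
    report = audit(SAMPLE)
    print("ticket etypes:", sorted(report["etypes"]))
    for finding in report["findings"]:
        print("WARNING:", finding)
```

On the sample, the AES256 ticket passes and both telnet stream directions are flagged, since the session data is protected with DES_CFB64 rather than with the ticket's key type.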
