Hi,

I'm using Heimdal Kerberos 5. After setting up and configuring the KDC by following the instructions at http://netbsd.binarycompass.org/Documentation/network/, telnet -ax and ssh to the KDC server are working, as shown below:

    [EMAIL PROTECTED] [1:33pm] [/var/heimdal]# telnet -ax fbsd.rock.com
    Trying 192.168.1.1...
    Connected to fbsd.rock.com.
    Escape character is '^]'.
    [ Trying mutual KERBEROS5 (host/[EMAIL PROTECTED])... ]
    [ Kerberos V5 accepts you as [EMAIL PROTECTED]'' ]

Now I'm getting an error when I try to log in to a remote host. The error from ssh is as below (as displayed at its console):

    Failed password for sam from 192.168.1.1

(192.168.1.1 is the KDC server).

/etc/krb4kdc.log shows:

    2004-06-04T13:24:53 AS-REQ [EMAIL PROTECTED] from IPv4:192.168.1.254 for krbtgt/[EMAIL PROTECTED]
    2004-06-04T13:24:53 Using des3-cbc-sha1/des3-cbc-sha1
    2004-06-04T13:24:53 sending 584 bytes to IPv4:192.168.1.254
    2004-06-04T13:24:53 TGS-REQ [EMAIL PROTECTED] from IPv4:192.168.1.254 for host/[EMAIL PROTECTED]
    2004-06-04T13:24:53 sending 589 bytes to IPv4:192.168.1.254

There is no error message here; it only indicates the KDC had sent TG to the remote host (192.168.1.254).

I have added principals for 192.168.1.254 (sec.rock.com):

    [EMAIL PROTECTED] [1:33pm] [/var/heimdal]# !k
    ktutil list
    FILE:/etc/krb5.keytab:

    Vno  Type           Principal
      1  des-cbc-crc    host/[EMAIL PROTECTED]
      1  des-cbc-md4    host/[EMAIL PROTECTED]
      1  des-cbc-md5    host/[EMAIL PROTECTED]
      1  des3-cbc-sha1  host/[EMAIL PROTECTED]
      1  des-cbc-crc    host/[EMAIL PROTECTED]
      1  des-cbc-md4    host/[EMAIL PROTECTED]
      1  des-cbc-md5    host/[EMAIL PROTECTED]
      1  des3-cbc-sha1  host/[EMAIL PROTECTED]
      1  des-cbc-crc    host/[EMAIL PROTECTED]
      1  des-cbc-md4    host/[EMAIL PROTECTED]
      1  des-cbc-md5    host/[EMAIL PROTECTED]
      1  des3-cbc-sha1  host/[EMAIL PROTECTED]
      1  des-cbc-crc    host/[EMAIL PROTECTED]
      1  des-cbc-md4    host/[EMAIL PROTECTED]
      1  des-cbc-md5    host/[EMAIL PROTECTED]
      1  des3-cbc-sha1  host/[EMAIL PROTECTED]
      1  des-cbc-crc    root/[EMAIL PROTECTED]
      1  des-cbc-md4    root/[EMAIL PROTECTED]
      1  des-cbc-md5    root/[EMAIL PROTECTED]
      1  des3-cbc-sha1  root/[EMAIL PROTECTED]
      1  des-cbc-crc    host/[EMAIL PROTECTED]
      1  des-cbc-md4    host/[EMAIL PROTECTED]
      1  des-cbc-md5    host/[EMAIL PROTECTED]
      1  des3-cbc-sha1  host/[EMAIL PROTECTED]
      1  des-cbc-crc    root/[EMAIL PROTECTED]
      1  des-cbc-md4    root/[EMAIL PROTECTED]
      1  des-cbc-md5    root/[EMAIL PROTECTED]
      1  des3-cbc-sha1  root/[EMAIL PROTECTED]
      1  des-cbc-crc    root/[EMAIL PROTECTED]
      1  des-cbc-md4    root/[EMAIL PROTECTED]
      1  des-cbc-md5    root/[EMAIL PROTECTED]
      1  des3-cbc-sha1  root/[EMAIL PROTECTED]
      1  des-cbc-crc    host/[EMAIL PROTECTED]
      1  des-cbc-md4    host/[EMAIL PROTECTED]
      1  des-cbc-md5    host/[EMAIL PROTECTED]
      1  des3-cbc-sha1  host/[EMAIL PROTECTED]
      1  des-cbc-crc    host/[EMAIL PROTECTED]
      1  des-cbc-md4    host/[EMAIL PROTECTED]
      1  des-cbc-md5    host/[EMAIL PROTECTED]
      1  des3-cbc-sha1  host/[EMAIL PROTECTED]
      1  des-cbc-crc    host/[EMAIL PROTECTED]
      1  des-cbc-md4    host/[EMAIL PROTECTED]
      1  des-cbc-md5    host/[EMAIL PROTECTED]
      1  des3-cbc-sha1  host/[EMAIL PROTECTED]

    krb4:/etc/srvtab:

    Vno  Type           Principal
      1  des-cbc-md5    host/[EMAIL PROTECTED]
      1  des-cbc-md4    host/[EMAIL PROTECTED]
      1  des-cbc-crc    host/[EMAIL PROTECTED]
      1  des-cbc-md5    root/[EMAIL PROTECTED]
      1  des-cbc-md4    root/[EMAIL PROTECTED]
      1  des-cbc-crc    root/[EMAIL PROTECTED]
    [EMAIL PROTECTED] [1:33pm] [/var/heimdal]#

One thing I don't understand is that there are multiple entries that are all the same, for example the entries for host/sec.rock.com. And I don't know why I got the /etc/srvtab entries as well. Can I safely remove the file /etc/srvtab?

So what might be wrong that causes login to a remote client to fail when using Kerberos 5?

Thanks
sam

________________________________________________
Kerberos mailing list
[EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
