Jeff, The AES-128 encrytpion in cygwin is before I do the ms2mit. Once I run the ms2mit the outputs from the two klists Show the ArcFour encyption.
Thanks, Pat Jeffrey Altman wrote: > What does klist in cygwin show after you ms2mit? That is the important > question. If you are not seeing the TGT, then you are not placing the > ticket into the correct file. > > Jeffrey Altman > > > Pat Connolly wrote: > > Jeff, > > > > klist -e on windows has "ArcFour with HMAC/md5" > > klist -e in cygwin has "AES-128 CTS mode with 96-bit SHA-1 HMAC" > > > > I have kerberos 1.3.3 installed. I got the cygwin package from > > http://www-clued0.fnal.gov/~axel/files/. What is the easiest way to fix > > this? > > > > Thanks > > Pat > > > > > > Jeffrey Altman wrote: > >> "klist -e" > >> > >> I bet the Kerberos implementation you are using in cygwin does not have > >> support for the enctypes used by Microsoft. RC4-HMAC > >> > >> Jeffrey Altman > >> > >> > >> Pat Connolly wrote: > >>> Jeff, Thanks, That worked. When I had tried the -c option I did not put > >>> the FILE: in front of the path. > >>> > >>> I am now running into an other problem. If I open a cygwin xterm window > >>> and run kinit, I get the ticket. I am then able to ssh to any of the > >>> servers with out being asked for a password. But when I run ms2mit and > >>> then try to ssh, I am asked for a password. If I run klist I see a > >>> valid ticket. It looks the same as the ticket I get after running > >>> kinit. In the kdc.log on the kdc server, I get an error stating: > >>> "<unknown client> for host/[EMAIL PROTECTED], No mathcing key in entry" > >>> The > >>> other think that I have noticed when I do a klist is that after I do a > >>> kinit and then ssh, the server I went to is in my ticket cache. But > >>> after I run ms2mit and then ssh, the server is not added. > >>> > >>> Thanks > >>> Pat > >>> > >>> > >>> Jeffrey Altman wrote: > >>>> Cygwin can only use file based ccaches. You need to store the TGT > >>>> into a file ccache. > >>>> > >>>> ms2mit.exe -c FILE:<pathname> > >>>> > >>>> Then you have to specify the default ccache name in your cygwin > >>>> environment. > >>>> > >>>> Jeffrey Altman > >>>> > >>>> > >>>> Pat Connolly wrote: > >>>>> Hello, > >>>>> > >>>>> I have installed kfw-3.0 on my XP workstation It authenticates against > >>>>> the KDC with no problems. Klist shows the ticket in the MSLSA cache. > >>>>> > >>>>> On my workstation, I also have cygwin installed with krb5 and kerberos > >>>>> enabled ssh. Once I run kinit, my ssh works fine. > >>>>> > >>>>> I am now trying to get the Windows tickets to be dumped to the krb5 > >>>>> file cache using ms2mit so that I do not need to enter my password a > >>>>> second time. When I run ms2mit from the command line I get the prompt > >>>>> back with no errors but the krb5 cache is not populated. Any ideas > >>>>> where I went wrong? > >>>>> > >>>>> Thanks > >>>>> Pat > > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
