From owner-freebsd-questions@FreeBSD.ORG Thu Jun 2 03:45:25 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1ABB416A41C for ; Thu, 2 Jun 2005 03:45:25 +0000 (GMT) (envelope-from jay2xra@yahoo.com) Received: from web51606.mail.yahoo.com (web51606.mail.yahoo.com [206.190.38.211]) by mx1.FreeBSD.org (Postfix) with SMTP id AA3A643D49 for ; Thu, 2 Jun 2005 03:45:24 +0000 (GMT) (envelope-from jay2xra@yahoo.com) Received: (qmail 8593 invoked by uid 60001); 2 Jun 2005 03:45:24 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=kEv91f/YMSpWOys/R956BLfdj+DIPT07FH3f854KAU1kT0jcmvSMz7186eTbWGjuaQbe0fw2bwjSy4p2Pp1BXG3PNY1K/36L2Oal485SqlVdx1d/IqJzJog1b9C3A0F9R0/8PXeEw6FTSB/nnitTXw22neI76ePCJ968aexCKk8= ; Message-ID: <20050602034524.8591.qmail@web51606.mail.yahoo.com> Received: from [202.90.128.28] by web51606.mail.yahoo.com via HTTP; Wed, 01 Jun 2005 20:45:24 PDT Date: Wed, 1 Jun 2005 20:45:24 -0700 (PDT) From: Mark Jayson Alvarez To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: Are those services in inetd.conf(telnetd, ftpd) kerberized already?? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jun 2005 03:45:25 -0000 Hi, I'm trying to configure a kerberos realm, and I have already installed heimdal on one FreeBSD5.4 machine and was able to run KDC daemon. I can already acquire a TGT and was about to test it using telnet. First, after acquiring a ticket granting ticket, I launched telnet on another machine with inetd running and telnetd enabled already in its inetd.conf.. However, my telnet client said the following: Trying KERBEROS5 (host/gwenever.camlann.pregi.net@CAMLANN.PREGI.NET)... ] [ Kerberos V5 refuses authentication because krb5_sock_to_principal failed ].. Some of kerberos clients are already installed by default right? Ex., even without installing heimdal, I can still run kinit. How about those server daemons like telnetd?? Are they already built to accept a kerberos authentication? Why am I getting the above messages even if I use the telnet client inside "/usr/local/heimdal/bin" against the telnetd found inside "/usr/local/heimdal/libexec -a user" of the remote machine I am connecting to. And even if I use the default /usr/bin/telnet against /usr/libexec/telnetd -a user of the remote machine, I still get the same error above. Now if I pair a /usr/bin/telnet against the "/usr/local/heimdal/libexec/telnetd -a debug"on the remote computer, I still get the same error above but now with a warning: *** Connection not encrypted! Communication may be eavesdropped. *** and also the login prompt.. this time it is allowing me to login, only not encrypted, unlike when I use those pairings above which automatically exits upon failed authentication. Do you have any idea what's happening here? Thank you very much. -jay __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com