From owner-freebsd-questions@FreeBSD.ORG Thu Jun 2 09:12:12 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF40F16A41C for ; Thu, 2 Jun 2005 09:12:12 +0000 (GMT) (envelope-from jay2xra@yahoo.com) Received: from web51607.mail.yahoo.com (web51607.mail.yahoo.com [206.190.38.212]) by mx1.FreeBSD.org (Postfix) with SMTP id 6273143D49 for ; Thu, 2 Jun 2005 09:12:12 +0000 (GMT) (envelope-from jay2xra@yahoo.com) Received: (qmail 90652 invoked by uid 60001); 2 Jun 2005 09:12:10 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=jPCUExp0zN+PRHYUyEqiZ0sSkAOmtcAxiAvKT2zG9iOCFgyvVigpAGYuKci0+QDKgn3skSQkRjjmTHggh+IJXv+IYa5EMqpDhRlggddqKQq2JyiniAq3AiVixBEHYjlUDScqX30gbi7Lavax5tMxAv3ZqLraXPRwnK6ygXeKHd8= ; Message-ID: <20050602091210.90650.qmail@web51607.mail.yahoo.com> Received: from [202.90.128.28] by web51607.mail.yahoo.com via HTTP; Thu, 02 Jun 2005 02:12:10 PDT Date: Thu, 2 Jun 2005 02:12:10 -0700 (PDT) From: Mark Jayson Alvarez To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: Help: krb5_sock_to_principal failed -> Kerberos guru(kindhearted)... Anyone? Here? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jun 2005 09:12:12 -0000 Hi, I'm trying to configure a kerberos realm, and I have already installed heimdal on one FreeBSD5.4 machine and was able to run KDC daemon. I can already acquire a TGT and was about to test it using telnet. First, after acquiring a ticket granting ticket, I launched telnet on another machine with inetd running and telnetd enabled already in its inetd.conf.. However, my telnet client said the following: Trying KERBEROS5 (host/gwenever.camlann.pregi.net@CAMLANN.PREGI.NET)... ] [ Kerberos V5 refuses authentication because krb5_sock_to_principal failed ].. Some of kerberos clients are already installed by default right? Ex., even without installing heimdal, I can still run kinit. How about those server daemons like telnetd?? Are they already built to accept a kerberos authentication? Why am I getting the above messages even if I use the telnet client inside "/usr/local/heimdal/bin" against the telnetd found inside "/usr/local/heimdal/libexec -a user" of the remote machine I am connecting to. And even if I use the default /usr/bin/telnet against /usr/libexec/telnetd -a user of the remote machine, I still get the same error above. Now if I pair a /usr/bin/telnet against the "/usr/local/heimdal/libexec/telnetd -a debug"on the remote computer, I still get the same error above but now with a warning: *** Connection not encrypted! Communication may be eavesdropped. *** and also the login prompt.. this time it is allowing me to login, only not encrypted, unlike when I use those pairings above which automatically exits upon failed authentication. Do you have any idea what's happening here? Thank you very much. -jay __________________________________ Discover Yahoo! Use Yahoo! to plan a weekend, have fun online and more. Check it out! http://discover.yahoo.com/