Date: 07 Jul 1998 21:11:24 +0200 From: joda@pdc.kth.se (Johan Danielsson) To: Ludwig Pummer <ludwigp@bigfoot.com> Cc: security@FreeBSD.ORG Subject: Re: kerberos su problems betw 2 machines Message-ID: <xof7m1p5vdv.fsf@blubb.pdc.kth.se> In-Reply-To: Ludwig Pummer's message of "Tue, 07 Jul 1998 11:24:09 -0700" References: <Ludwig Pummer's message of "Thu, 25 Jun 1998 12:25:41 -0700"> <3.0.3.32.19980625122541.006988b8@mail.plstn1.sfba.home.com> <3.0.3.32.19980707112409.031f3894@mail.plstn1.sfba.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ludwig Pummer <ludwigp@bigfoot.com> writes: > So the kerberos stuff looks like it's coming from 24.1.82.47? Why is > that? Could it be because the 24.1.82.47 interface is brought up > first in rc.conf? Because your operating system thinks that's the best interface for taking to your KDC. > Yes, it's using kerberized login: > ludwigp@inet% klist > Ticket file: /tmp/tkt1001 > Principal: ludwigp@CHIPWEB.ML.ORG > > Issued Expires Principal > Jul 7 11:13:53 Jul 7 19:13:53 krbtgt.CHIPWEB.ML.ORG@CHIPWEB.ML.ORG But your login isn't paranoid enough. It should get a ticket for the local machine and try to decrypt it with the service key. Try adding the following to /etc/krb.equiv: 24.1.82.47 172.16.1.5 /Johan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xof7m1p5vdv.fsf>