From: joda@pdc.kth.se (Johan Danielsson)
To: Ludwig Pummer
Cc: security@FreeBSD.ORG
Subject: Re: kerberos su problems betw 2 machines
Date: 07 Jul 1998 21:11:24 +0200

Ludwig Pummer writes:

> So the kerberos stuff looks like it's coming from 24.1.82.47? Why is
> that? Could it be because the 24.1.82.47 interface is brought up
> first in rc.conf?

Because your operating system thinks that's the best interface for
talking to your KDC.

> Yes, it's using kerberized login:
> ludwigp@inet% klist
> Ticket file:    /tmp/tkt1001
> Principal:      ludwigp@CHIPWEB.ML.ORG
>
>   Issued           Expires          Principal
> Jul  7 11:13:53  Jul  7 19:13:53  krbtgt.CHIPWEB.ML.ORG@CHIPWEB.ML.ORG

But your login isn't paranoid enough. It should get a ticket for the
local machine and try to decrypt it with the service key.

Try adding the following to /etc/krb.equiv:

24.1.82.47 172.16.1.5

/Johan