Re: telnet problem





Jose Alberto wrote:

> Hi
> I'm having a similar problem, I used:
>
> telnet    stream    tcp    nowait    root    /usr/local/kerberos/libexec/telnetd telnetd -a valid -D options
>
> (note the Debug -D option) in /etc/inetd.conf
>
> so I got this with the Heimdal telnet/telnetd distribution:
>
> # bin/telnet -l root -x CERBERUS.CTXFARMS.ARANEA.COM
> Encryption is verbose
> Trying 192.0.0.116...
> Connected to CERBERUS.
> Escape character is '^]'.
> td: send do AUTHENTICATION
> td: recv will AUTHENTICATION
> td: send suboption AUTHENTICATION SEND KERBEROS_V5 
> CLIENT|MUTUAL|ENCRYPT KERBEROS_V5 CLIENT|MUTUAL|ENCRYPT KERBEROS_V5 
> CLIENT|ONE-WAY|ENCRYPT
> td: recv do ENCRYPT
> td: send will ENCRYPT
> td: recv will ENCRYPT
> td: send do ENCRYPT
> td: send suboption ENCRYPT SUPPORT DES_CFB64 DES_OFB64
> td: recv do SUPPRESS GO AHEAD
> td: send will SUPPRESS GO AHEAD
> td: recv will TERMINAL TYPE
> td: send do TERMINAL TYPE
> td: recv will NAWS
> td: send do NAWS
> td: recv will TSPEED
> td: send do TSPEED
> td: recv will LFLOW
> td: send do LFLOW
> td: recv will LINEMODE
> td: send dont LINEMODE
> td: recv will NEW-ENVIRON
> td: send do NEW-ENVIRON
> td: recv do STATUS
> td: send will STATUS
> td: recv will XDISPLOC
> td: send do XDISPLOC
> td: recv suboption AUTHENTICATION IS NULL CLIENT|ONE-WAY
> td: recv suboption ENCRYPT REQUEST-START
> td: recv suboption ENCRYPT SUPPORT DES_CFB64 DES_OFB64
> td: recv suboption NAWS 0 87 (87) 0 62 (62)
> td: send do OLD-ENVIRON
> td: recv wont OLD-ENVIRON
> td: recv suboption TERMINAL-SPEED IS 38400,38400
> td: recv suboption X-DISPLAY-LOCATION IS "192.0.0.116:0.0"
> td: recv suboption NEW-ENVIRON IS VAR "USER" VALUE "root" VAR 
> "DISPLAY" VALUE "192.0.0.116:0.0"
> telnetd: Authorization failed.
> Connection closed by foreign host.
> #
>
> And I tried the same with the telnet/telnetd MIT distribution:
>
> # bin/telnet -l root -x CERBERUS.CTXFARMS.ARANEA.COM
> Trying 192.0.0.116...
> Connected to CERBERUS (192.0.0.116).
> Escape character is '^]'.
> Waiting for encryption to be negotiated...
> td: send do AUTHENTICATION
> td: recv will AUTHENTICATION
> td: send suboption AUTHENTICATION SEND KERBEROS_V5 
> CLIENT|MUTUAL|ENCRYPT KERBEROS_V5 CLIENT|MUTUAL|ENCRYPT KERBEROS_V5 
> CLIENT|ONE-WAY|ENCRYPT
> td: recv do ENCRYPT
> td: send will ENCRYPT
> td: recv will ENCRYPT
> td: send do ENCRYPT
> td: send suboption ENCRYPT SUPPORT DES_CFB64 DES_OFB64
> td: recv do SUPPRESS GO AHEAD
> td: send will SUPPRESS GO AHEAD
> td: recv will TERMINAL TYPE
> td: send do TERMINAL TYPE
> td: recv will NAWS
> td: send do NAWS
> td: recv will TSPEED
> td: send do TSPEED
> td: recv will LFLOW
> Authentication negotation has failed, which is required for
> encryption.  Good bye.
> td: send do LFLOW
> td: recv will LINEMODE
> td: send dont LINEMODE
> td: recv will NEW-ENVIRON
> td: send do NEW-ENVIRON
> td: recv do STATUS
> td: send will STATUS
> td: recv will XDISPLOC
> td: send do XDISPLOC
>
> #
>
> I have no idea why the authentication negotiation has failed.
>
> Please HELP!!!!!
>
Well, after a while, I realized that the host service wasn't added to my 
KDC database, so I added it with kadmin:

kadmin>ank --random_key  host/cerberus

and I also copied it to the keytab file:
kadmin>ext_keytab host/cerberus


After this I tried the ftp/ftpd and telnet/telnetd MIT Kerberos 
distribution and it is working right!!!! (Yes, they are working with the 
Heimdal KDC server)

However, if I use the ftp/ftpd and telnet/telnetd Heimdal distribution 
I'm unable to get authenticated!!!

Any idea what is happening?
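
Added example, not part of the original message: a small Python reader for the `telnetd -D` trace quoted above, which extracts the authentication types the server offered and the type the client answered with. In the Heimdal trace the answer is `AUTHENTICATION IS NULL`, meaning the client sent no Kerberos authenticator for telnetd to verify; the function names and verdict labels are this example's own.

```python
import re

# Constructed sample: lines taken from the Heimdal telnetd -D trace quoted
# in the message, with the mail client's line wrapping left in place.
SAMPLE_TRACE = """\
td: send do AUTHENTICATION
td: recv will AUTHENTICATION
td: send suboption AUTHENTICATION SEND KERBEROS_V5
CLIENT|MUTUAL|ENCRYPT KERBEROS_V5 CLIENT|MUTUAL|ENCRYPT KERBEROS_V5
CLIENT|ONE-WAY|ENCRYPT
td: recv do ENCRYPT
td: recv suboption AUTHENTICATION IS NULL CLIENT|ONE-WAY
telnetd: Authorization failed.
"""

def unwrap(trace):
    """Strip mail quoting and join wrapped lines onto their trace record."""
    records = []
    for line in trace.splitlines():
        line = line.lstrip("> ").strip()
        if not line:
            continue
        if line.startswith(("td:", "telnetd:")) or not records:
            records.append(line)
        else:
            records[-1] += " " + line   # continuation of a wrapped record
    return records

def analyze(trace):
    """Return the offered (type, modifiers) pairs, the client's reply, a verdict."""
    offered, reply = [], None
    for rec in unwrap(trace):
        m = re.match(r"td: send suboption AUTHENTICATION SEND (.+)", rec)
        if m:
            toks = m.group(1).split()
            offered = list(zip(toks[0::2], toks[1::2]))
        m = re.match(r"td: recv suboption AUTHENTICATION IS (\S+)(?: (\S+))?", rec)
        if m:
            reply = (m.group(1), m.group(2))
    if reply is None:
        verdict = "no-reply"          # client never answered the SEND offer
    elif reply[0] == "NULL":
        verdict = "client-declined"   # no authenticator sent (hypothetical label)
    else:
        verdict = "attempted"         # client picked one of the offered types
    return {"offered": offered, "reply": reply, "verdict": verdict}

if __name__ == "__main__":
    print(analyze(SAMPLE_TRACE))
```

A `client-declined` verdict points at the client side of the exchange (no usable service ticket), which matches the missing `host/cerberus` principal found later in the message.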
