Kerberos authentication
Hello all,
I'm trying to kerberize my OpenBSD servers, so I don't have to keep creating
local accounts, using kerberos 5 supplied by UC Davis.
I have read the fine FAQ here:
http://www.openbsd.org/faq/faq10.html#Kerberos which refers to kerberos IV.
I've read man 1 kerberos, info heimdal, man klist, man kdestroy, man 5
krb5.conf, man verify_krb5_conf.
I've documented my procedure here, along with my krb5.conf file:
http://insecure.ucdavis.edu/Members/adam/openbsd/openbsd-kerberos/
I'm not sure how to set up/verify a kerberosV client, as the FAQ is for
kerberosIV, and I don't appear to be able to translate my tickets.
Running:
webhost@/etc/kerberosV # verify_krb5_conf
verify_krb5_conf: /realms/UCDAVIS.EDU/supported_enctypes: unknown entry
verify_krb5_conf: /realms/UCDAVIS.EDU/default_tkt_enctypes: unknown entry
verify_krb5_conf: /realms/UCDAVIS.EDU/default_tgs_enctypes: unknown entry
Nevertheless, I can still obtain a ticket, and destroy it:
webhost@/etc/kerberosV # kinit adam
adam@UCDAVIS.EDU's Password:
kinit: converting creds: converting credentials: Key table entry not found
webhost@/etc/kerberosV # klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: adam@UCDAVIS.EDU
Issued Expires Principal
Dec 17 22:21:30 Dec 18 08:20:58 krbtgt/UCDAVIS.EDU@UCDAVIS.EDU
v4-ticket file: /tmp/tkt0
klist: No ticket file (tf_util)
webhost@/etc/kerberosV # klist -v
Credentials cache: FILE:/tmp/krb5cc_0
Principal: adam@UCDAVIS.EDU
Cache version: 4
Server: krbtgt/UCDAVIS.EDU@UCDAVIS.EDU
Ticket etype: des-cbc-crc, kvno 1
Auth time: Dec 17 22:21:30 2002
End time: Dec 18 08:20:58 2002
Ticket flags: initial
Addresses: IPv4:169.237.48.36
v4-ticket file: /tmp/tkt0
klist: No ticket file (tf_util)
webhost@/etc/kerberosV # kdestroy
webhost@/etc/kerberosV # klist -v
klist: No ticket file: /tmp/krb5cc_0
v4-ticket file: /tmp/tkt0
klist: No ticket file (tf_util)
webhost@/etc/kerberosV #
So, what am I missing to configure my dozen-odd OpenBSD boxes to
authenticate?
Thanks,
***************************
* Adam Getchell AdamG@hrrm.ucdavis.edu
* System Architect/Programmer (530) 752-1584
* Human Resources Information Systems http://www.hr.ucdavis.edu/
***************************
"Invincibility is in oneself, vulnerability in the opponent." -- Sun Tzu