[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Heimdal telnetd in Solaris: IPV6 problems?
Hello,
I'm deploying kerberized services (telnet/ftp) on several different Unix
OS's as part of the new Kerberos Realm. I have compiled Heimdal in Solaris 8
(64 bits) and all the commands work as expected, but telnetd is not working
as expected. Solaris has the 'tcp6' option in the protocol section in
/etc/inetd.conf, and I think that the problems are indeed related to IPV6.
When compiled with IPv6 support (the default behaviour IIRC) I get the
follogin error:
------
Waiting for encryption to be negotiated...
[ Trying mutual KERBEROS5 (host/ciscokid.net.itlog.pt@NET.ITLOG.PT)... ]
[ Kerberos V5 refuses authentication because krb5_sock_to_principal failed ]
[ Trying KERBEROS5 (host/ciscokid.net.itlog.pt@NET.ITLOG.PT)... ]
[ Kerberos V5 refuses authentication because krb5_sock_to_principal failed ]
----------
The logs show me that the client is making DNS queries using IPv6 (the
client is a GNU/Linux box running Debian, and it has IPv6 support). Using
tcp or tcp6 in inetd.conf doesn't make any difference.
I also compiled --without-ipv6 but the error persists. If I use 'tcp' in
inetd.conf the same error occurs (krb5_sock_to_principal failed), and if I
use tcp6 it gives me "krb5_auth_con_setaddrs_from_fd failed", which is more
or less normal since I compiled it without IPv6.
So I'm running out of ideas here... I need to have telnetd running in more
Solaris servers but this IPv6 thing is a show-stopper... I am pretty sure it
is IPv6 related, but I could be wrong. BTW the ftpd works as expected.
Anyone with similar problems? Is there any known fix? I will gladly provide
any aditional info required (logs, traces, etc).
cheers,
fsmunoz