Date: Wed, 13 Aug 2003 17:03:02 -0600
From: Tillman
To: questions@freebsd.org
Subject: Re: troubles telnet-ing with Kerberos
Message-ID: <20030813170302.B22214@seekingfire.com>
References: <200308131804.02367@misha-mx.virtual-estates.net>

On Wed, Aug 13, 2003 at 06:04:02PM -0400, Mikhail Teterin wrote:
> Hello!
>
> I'm trying to make the FreeBSD 5.x machine accept users based on
> Kerberos' tickets.

Ok ...

> The telnet and telnetd seem like the most functional pair for this
> exercise. (rlogin's man page documents Kerberos options, but they
> are not implemented, it seems).

True, in the base install. If you use the Heimdal or MIT port you'll get
the fully implemented daemons.

> The KDC is a Win2K server (with Active Directory), but, according
> to tcpdump, nothing talks to it during the (failing) authentication
> attempt. After adding ``-a debug -edebug -D report'' to telnetd,
> I get the following, when trying to telnet to the host:

I've never worked directly with an AD server acting as the KDC (I tend
to use a cross-realm trust with a Unix KDC), so I can't help you there.
But the new Kerberos book published by O'Reilly has a troubleshooting
chapter available as a PDF which you might find helpful:

http://www.oreilly.com/catalog/kerberos/chapter/ch05.pdf

-T