[27415] in Kerberos
Re: Windows Integration attempt #2
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Thu Feb 8 14:17:40 2007
Message-ID: <45CB773B.5040104@anl.gov>
Date: Thu, 08 Feb 2007 13:17:15 -0600
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: Quanah Gibson-Mount <quanah@stanford.edu>
In-Reply-To: <762A699A70136C6F4BCF4C64@SW-90-717-287-3.stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Quanah Gibson-Mount wrote:
>
> --On Thursday, February 08, 2007 7:32 AM -0500 Sam Hartman
> <hartmans@mit.edu> wrote:
>
>>>>>>> "Quanah" == Quanah Gibson-Mount <quanah@stanford.edu> writes:
>> Quanah> --On Wednesday, February 07, 2007 5:07 PM -0500 Sam
>> Quanah> Hartman
>> Quanah> <hartmans@mit.edu> wrote:
>>
>> >> I would be suspicious of whether you had properly managed to
>> >> set your machine password.
>>
>> Quanah> Define "machine password". You mean the password used
>> Quanah> between the machine and the KDC for the keytab that was
>> Quanah> created? That bit is obviously working because when those
>> Quanah> don't match, the KDC logs an error, which it isn't doing.
>> Quanah> In any case, I had that particular password in my C&P
>> Quanah> buffer, and simple pasted it in for both the KDC and the
>> Quanah> windows box, so it would be particularly difficult for it
>> Quanah> to be a typo...
>>
>> If the salt types are inconsistent or something I could see the key
>> working to obtain tickets but not to decrypt them.
>
> Hm, interesting. Is there an easy way to diagnose that?
No, but Wireshark (formally called ethereal) runs on Linux or Windows
can show you a lot of the Kerberos packets. There is a lot of unencrypted
data in them which includes the salt returned in the AS_REP or KRB_ERROR
message in response to a kinit using a password.
So if you know what password you used to create the keytab,
and the salt you used, you could double check that the same salt was
used in both.
>
> --Quanah
>
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITS/Shared Application Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos