[27415] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Windows Integration attempt #2

daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Thu Feb 8 14:17:40 2007

Message-ID: <45CB773B.5040104@anl.gov>
Date: Thu, 08 Feb 2007 13:17:15 -0600
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: Quanah Gibson-Mount <quanah@stanford.edu>
In-Reply-To: <762A699A70136C6F4BCF4C64@SW-90-717-287-3.stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu



Quanah Gibson-Mount wrote:
> 
> --On Thursday, February 08, 2007 7:32 AM -0500 Sam Hartman 
> <hartmans@mit.edu> wrote:
> 
>>>>>>> "Quanah" == Quanah Gibson-Mount <quanah@stanford.edu> writes:
>>     Quanah> --On Wednesday, February 07, 2007 5:07 PM -0500 Sam
>>     Quanah> Hartman
>>     Quanah> <hartmans@mit.edu> wrote:
>>
>>     >> I would be suspicious of whether you had properly managed to
>>     >> set your machine password.
>>
>>     Quanah> Define "machine password".  You mean the password used
>>     Quanah> between the machine and the KDC for the keytab that was
>>     Quanah> created?  That bit is obviously working because when those
>>     Quanah> don't match, the KDC logs an error, which it isn't doing.
>>     Quanah> In any case, I had that particular password in my C&P
>>     Quanah> buffer, and simple pasted it in for both the KDC and the
>>     Quanah> windows box, so it would be particularly difficult for it
>>     Quanah> to be a typo...
>>
>> If the salt types are inconsistent or something I could see the key
>> working to obtain tickets but not to decrypt them.
> 
> Hm, interesting.  Is there an easy way to diagnose that?

No, but Wireshark (formally called ethereal) runs on Linux or Windows
can show you a lot of the Kerberos packets. There is a lot of unencrypted
data in them which includes the salt returned in the AS_REP or KRB_ERROR
message in response to a kinit using a password.

So if you know what password you used to create the keytab,
and the salt you used, you could double check that the same salt was
used in both.


> 
> --Quanah
> 
> 
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITS/Shared Application Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post