Jeffrey Altman <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> Which Microsoft telnet.exe are you using that supports Kerberos 5
> authentication? As far as I am aware, the Microsoft telnet.exe
> only supports NTLM.
>
> Jeffrey Altman
>
>
> ROSS, Colin wrote:
> > While testing use of the Vintela.com product VAS, I found that I could
> > not get the -a valid argument to telnetd to work. I had to regress to
> > the position of removing the -a valid argument from telnetd, whilst
> > using the -aFx arguments with the M$ telnet client. A pity because I
> > hoped to make telnet connections to my Solaris 9 Sparc box with needing
> > to supply account names and passwords. I am at the position of not
> > needing to supply account names right now.
> > I also found that using the telentd that came with the Kerberos 1.3.5 I
> > compiled left me with a problem arising from the use of long (> eight
> > char) account names. My own account works fine, since it is quite short.
> > Other users have been unable to telnet to the Solaris 9 box because
> > their login is stumped when the account is a long name. For example,
> > jonesj will work, but williamsmithf will not. This is a real pain as all
> > account names are managed in M$ Active Directory product and some of the
> > names are quite long (aren't people a bore, having such names).
> > My
point is, how can I re-compile Kerberos/telnetd to build in support
> > for long account names? Secondly, what are the requisite steps I must
> > take to permit the -a valid argument to telnetd to work? Is this keytab
> > related?
> > Best
> > Colin
> > PS Thx again for the previous assist re. 64 bit kerberos compile- works
> > fine
> >
> > Colin Ross
> > Readers & Technical Services Librarian
> > Library
> > House of Lords
> > London
> > SW1A 0PW
> >
> > 0207 219 2511
> >
> > --------------------------------------------------------
> >
> > UK Parliament Disclaimer:
> > This e-mail is confidential to the intended recipient. If you have received it in
> > error, please notify the sender and delete it from your system. Any unauthorised
> > use, disclosure, or copying is not permitted. This e-mail has been checked for
> > viruses, but no liability is accepted for any damage caused by any virus
> > transmitted by this e-mail.
> > --------------------------------------------------------
> >
> > ________________________________________________
> > Kerberos mailing list [EMAIL PROTECTED]
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
The Kerberos bit comes in because Vintela vas authentication is
essentially Kerberos auth. If I log in and do klist I get< Ticket
cache: FILE:/tmp/krb5cc_1001_SQ2421
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
10/22/04 10:00:13 10/22/04 20:00:14
krbtgt/[EMAIL PROTECTED]
renew until 10/23/04 10:00:13
>
That is the result of the VIntela product authenticating to Active
Directory. Point is I telnet using a kerberised telnetd from the MIT
distribution. Praps I am being unrealistic in expecting the -a valid
argument to telnetd to work in this case. Nevertheless, the issue of
the eight char limit on accounts names is still germane, as this is a
Kerberos telnetd we are talking about, not the in.telnetd that comes
with Solaris 9 (and which does not work at all with Vintela VAS). I
should have mentioned that ssh connections do not exhibit this eight
char account name limit
Best
Colin
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
