Jeffrey Altman <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>... > Which Microsoft telnet.exe are you using that supports Kerberos 5 > authentication? As far as I am aware, the Microsoft telnet.exe > only supports NTLM. > > Jeffrey Altman > > > ROSS, Colin wrote: > > While testing use of the Vintela.com product VAS, I found that I could > > not get the -a valid argument to telnetd to work. I had to regress to > > the position of removing the -a valid argument from telnetd, whilst > > using the -aFx arguments with the M$ telnet client. A pity because I > > hoped to make telnet connections to my Solaris 9 Sparc box with needing > > to supply account names and passwords. I am at the position of not > > needing to supply account names right now. > > I also found that using the telentd that came with the Kerberos 1.3.5 I > > compiled left me with a problem arising from the use of long (> eight > > char) account names. My own account works fine, since it is quite short. > > Other users have been unable to telnet to the Solaris 9 box because > > their login is stumped when the account is a long name. For example, > > jonesj will work, but williamsmithf will not. This is a real pain as all > > account names are managed in M$ Active Directory product and some of the > > names are quite long (aren't people a bore, having such names). > > My point is, how can I re-compile Kerberos/telnetd to build in support > > for long account names? Secondly, what are the requisite steps I must > > take to permit the -a valid argument to telnetd to work? Is this keytab > > related? > > Best > > Colin > > PS Thx again for the previous assist re. 64 bit kerberos compile- works > > fine > > > > Colin Ross > > Readers & Technical Services Librarian > > Library > > House of Lords > > London > > SW1A 0PW > > > > 0207 219 2511 > > > > -------------------------------------------------------- > > > > UK Parliament Disclaimer: > > This e-mail is confidential to the intended recipient. If you have received it in > > error, please notify the sender and delete it from your system. Any unauthorised > > use, disclosure, or copying is not permitted. This e-mail has been checked for > > viruses, but no liability is accepted for any damage caused by any virus > > transmitted by this e-mail. > > -------------------------------------------------------- > > > > ________________________________________________ > > Kerberos mailing list [EMAIL PROTECTED] > > https://mailman.mit.edu/mailman/listinfo/kerberos > >
The Kerberos bit comes in because Vintela vas authentication is essentially Kerberos auth. If I log in and do klist I get< Ticket cache: FILE:/tmp/krb5cc_1001_SQ2421 Default principal: [EMAIL PROTECTED] Valid starting Expires Service principal 10/22/04 10:00:13 10/22/04 20:00:14 krbtgt/[EMAIL PROTECTED] renew until 10/23/04 10:00:13 > That is the result of the VIntela product authenticating to Active Directory. Point is I telnet using a kerberised telnetd from the MIT distribution. Praps I am being unrealistic in expecting the -a valid argument to telnetd to work in this case. Nevertheless, the issue of the eight char limit on accounts names is still germane, as this is a Kerberos telnetd we are talking about, not the in.telnetd that comes with Solaris 9 (and which does not work at all with Vintela VAS). I should have mentioned that ssh connections do not exhibit this eight char account name limit Best Colin ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos