Greetings, I am trying to debug a Kerberos setup with a MIT KDC/TGS and Cisco Catalyst 3750. Things are progressing, but I've hit a wall.
Here is what I perform on my workstation: $ kinit $ telnet kplz354s2 Trying 10.25.1.14... Will send login name and/or authentication information. Connected to kplz354s2.d.umn.edu (10.25.1.14). Escape character is '^]'. [ Kerberos V5 accepts you as ``[email protected]'' ] % Authentication failed Connection closed by foreign host. This may be a obvious question, but does the "Kerberos V5 accepts you as ``blah''" come from the switch? I am trying to cover all the bases here and the switch is definitely reporting "Authentication failed", so I am wondering if it is also reporting the "accepts you as" line as well. I've performed some tcpdump/wireshark and didn't see anything that would indicate that the switch believes me to be [email protected]. Also, for those who are cisco-nuts, here are the relevant configs from the switch: aaa new-model ! aaa user profile [email protected] aaa user profile mzagrabe ! aaa authentication attempts login 1 aaa authentication login telnet krb5-telnet aaa authorization exec default if-authenticated aaa authorization exec telnet if-authenticated ! ! ! aaa session-id common clock timezone CST -6 clock summer-time CDT recurring switch 1 provision ws-c3750-24ts system mtu routing 1500 authentication mac-move permit ip subnet-zero ip domain-name d.umn.edu ip name-server 131.212.32.32 ! ! kerberos local-realm D.UMN.EDU kerberos srvtab entry host/[email protected] <stuff removed> kerberos realm .d.umn.edu D.UMN.EDU kerberos clients mandatory kerberos server D.UMN.EDU 131.212.60.117 kerberos credentials forward Thanks, -- Matt Zagrabelny - [email protected] - (218) 726 8844 University of Minnesota Duluth Information Technology Systems & Services PGP key 4096R/42A00942 2009-12-16 Fingerprint: 5814 2CCE 2383 2991 83FF C899 07E2 BFA8 42A0 0942 He is not a fool who gives up what he cannot keep to gain what he cannot lose. -Jim Elliot
signature.asc
Description: This is a digitally signed message part
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
