Are those services in inetd.conf(telnetd, ftpd) kerberized already??

Mark Jayson Alvarez jay2xra at
Thu Jun 2 03:45:25 GMT 2005

  I'm trying to configure a kerberos realm, and I have
already installed heimdal on one FreeBSD5.4 machine
and was able to run KDC daemon. I can already acquire
a TGT and was about to test it using telnet.

First, after acquiring a ticket granting ticket, I
launched telnet on another machine with inetd running
and telnetd enabled already in its inetd.conf..
However, my telnet client said the following:

(host/ at CAMLANN.PREGI.NET)...
[ Kerberos V5 refuses authentication because
krb5_sock_to_principal failed ]..

Some of kerberos clients are already installed by
default right? Ex., even without installing heimdal, I
can still run kinit. How about those server daemons
like telnetd?? Are they already built to accept a
kerberos authentication?

Why am I getting the above messages even if I use the
telnet client inside "/usr/local/heimdal/bin" against
the telnetd found inside "/usr/local/heimdal/libexec
-a user" of the remote machine I am connecting to. And
even if I use the default /usr/bin/telnet against
/usr/libexec/telnetd -a user of the remote machine, I
still get the same error above.

Now if I pair a /usr/bin/telnet against the
"/usr/local/heimdal/libexec/telnetd -a debug"on the
remote computer, I still get the same error above but
now with a warning:

*** Connection not encrypted! Communication may be
eavesdropped. ***

and also the login prompt.. this time it is allowing
me to login, only not encrypted, unlike when I use
those pairings above which automatically exits upon
failed authentication.

Do you have any idea what's happening here?

Thank you very much.

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the freebsd-questions mailing list