Help: krb5_sock_to_principal failed -> Kerberos guru(kindhearted)... Anyone? Here?

Mark Jayson Alvarez jay2xra at
Thu Jun 2 09:12:12 GMT 2005

  I'm trying to configure a kerberos realm, and I have
already installed heimdal on one FreeBSD5.4 machine
and was able to run KDC daemon. I can already acquire
a TGT and was about to test it using telnet.

First, after acquiring a ticket granting ticket, I
launched telnet on another machine with inetd running
and telnetd enabled already in its inetd.conf..
However, my telnet client said the following:

(host/ at CAMLANN.PREGI.NET)...
[ Kerberos V5 refuses authentication because
krb5_sock_to_principal failed ]..

Some of kerberos clients are already installed by
default right? Ex., even without installing heimdal, I
can still run kinit. How about those server daemons
like telnetd?? Are they already built to accept a
kerberos authentication?

Why am I getting the above messages even if I use the
telnet client inside "/usr/local/heimdal/bin" against
the telnetd found inside "/usr/local/heimdal/libexec
-a user" of the remote machine I am connecting to. And
even if I use the default /usr/bin/telnet against
/usr/libexec/telnetd -a user of the remote machine, I
still get the same error above.

Now if I pair a /usr/bin/telnet against the
"/usr/local/heimdal/libexec/telnetd -a debug"on the
remote computer, I still get the same error above but
now with a warning:

*** Connection not encrypted! Communication may be
eavesdropped. ***

and also the login prompt.. this time it is allowing
me to login, only not encrypted, unlike when I use
those pairings above which automatically exits upon
failed authentication.

Do you have any idea what's happening here?

Thank you very much.

Discover Yahoo! 
Use Yahoo! to plan a weekend, have fun online and more. Check it out!

More information about the freebsd-questions mailing list