tech-crypto archive


Re: kerberosV with kerberosIV compatibility



"Tracy J. Di Marco White" <gendalia%iastate.edu@localhost> writes:

> The 3 krb4 files are there.

I think that the krb4 files are used when doing the 5to4 conversion.
 
> tcpdump of doing kinit -4 gendalia:
> 
> 05:33:06.828395 bb.cc.iastate.edu.64835 > ns-1.iastate.edu.domain:  60459+ 
> SRV ? _kerberos._udp.IASTATE.EDU. (44)
> 05:33:06.831322 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64835:  60459 
> 2/1/2 (196)
> 05:33:06.831649 bb.cc.iastate.edu.64834 > ns-1.iastate.edu.domain:  60460+ 
> SRV ? _kerberos._tcp.IASTATE.EDU. (44)
> 05:33:06.835368 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64834:  60460 
> 2/1/2 (196)
> 05:33:06.835533 bb.cc.iastate.edu.64833 > ns-1.iastate.edu.domain:  60461+ 
> SRV ? _kerberos._http.IASTATE.EDU. (45)
> 05:33:06.837652 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64833:  60461 
> NXDomain* 0/1/0 (101)
> 05:33:06.838321 bb.cc.iastate.edu.64832 > ns-1.iastate.edu.domain:  60462+ 
> AAAA? kerberos-1.iastate.edu. (40)
> 05:33:06.841294 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64832:  60462* 
> 0/1/0 (96)
> 05:33:06.841390 bb.cc.iastate.edu.64831 > ns-1.iastate.edu.domain:  60463+ A? 
> kerberos-1.iastate.edu. (40)
> 05:33:06.845174 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64831:  60463* 
> 1/5/6 A 129.186.0.0 (276)
> 05:33:06.845311 bb.cc.iastate.edu.64830 > kerberos-1.iastate.edu.kerberos:  v5
> 05:33:06.860808 kerberos-1.iastate.edu.kerberos > bb.cc.iastate.edu.64830:  v5
> 05:33:06.862702 bb.cc.iastate.edu.64829 > ns-1.iastate.edu.domain:  60464+ 
> SRV ? _kerberos._udp.IASTATE.EDU. (44)
> 05:33:06.865530 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64829:  60464 
> 2/1/2 (196)
> 05:33:06.865710 bb.cc.iastate.edu.64828 > ns-1.iastate.edu.domain:  60465+ 
> SRV ? _kerberos._tcp.IASTATE.EDU. (44)
> 05:33:06.868550 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64828:  60465 
> 2/1/2 (196)
> 05:33:06.868714 bb.cc.iastate.edu.64827 > ns-1.iastate.edu.domain:  60466+ 
> SRV ? _kerberos._http.IASTATE.EDU. (45)
> 05:33:06.871457 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64827:  60466 
> NXDomain* 0/1/0 (101)
> 05:33:06.871674 bb.cc.iastate.edu.64826 > ns-1.iastate.edu.domain:  60467+ 
> AAAA? kerberos-1.iastate.edu. (40)
> 05:33:06.874426 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64826:  60467* 
> 0/1/0 (96)
> 05:33:06.874514 bb.cc.iastate.edu.64825 > ns-1.iastate.edu.domain:  60468+ A? 
> kerberos-1.iastate.edu. (40)
> 05:33:06.878457 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64825:  60468* 
> 1/5/6 A 129.186.0.0 (276)
> 05:33:06.878567 bb.cc.iastate.edu.64824 > kerberos-1.iastate.edu.kerberos: 

This packet is interesting, since it should go to port 4444 (krb524/udp), not
port 88 (kerberos/udp).

Can you check that your /etc/services contains a krb524 that points to 88?

Love
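
The /etc/services check asked for above, as an added example that is not part of the original message: it parses a services(5)-format file and reports which port `krb524/udp` resolves to, using the 4444 and 88 port numbers given in the reply. The function names `svc_port`, `check_krb524` and `sample_services` are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: resolve a service name (or alias) in a services(5)-format file.

# svc_port NAME PROTO [FILE] -> prints the port of the first matching entry
svc_port() {
    awk -v name="$1" -v proto="$2" '
        { sub(/#.*/, "") }                 # strip trailing comments
        NF < 2 { next }                    # blank or malformed line
        {
            split($2, pp, "/")             # "4444/udp" -> port, protocol
            if (pp[2] != proto) next
            for (i = 1; i <= NF; i++) {    # field 1 is the name, 3.. are aliases
                if (i == 2) continue
                if ($i == name) { print pp[1]; exit }
            }
        }
    ' "${3:-/etc/services}"
}

# check_krb524 [FILE] -> prints a one-word verdict; non-zero status unless 4444
check_krb524() {
    port=$(svc_port krb524 udp "${1:-/etc/services}")
    case "$port" in
        4444) echo ok; return 0 ;;
        "")   echo missing; return 2 ;;
        88)   echo points-to-kerberos; return 1 ;;
        *)    echo "unexpected:$port"; return 1 ;;
    esac
}

# Constructed sample with krb524 mapped onto the kerberos port.
sample_services() {
    cat <<'EOF'
# constructed sample, not taken from the thread
kerberos        88/udp    kerberos5 krb5   # Kerberos v5
kerberos        88/tcp    kerberos5 krb5
krb524          88/udp                     # should be 4444
kerberos-adm    749/tcp
EOF
}

tmp=$(mktemp) && sample_services > "$tmp"
check_krb524 "$tmp" || true                # prints: points-to-kerberos
rm -f "$tmp"
```

Run `check_krb524` with no argument to test the host's own `/etc/services`.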


