Heimdal and IPv6

To: tech-security%netbsd.org@localhost, tech-net%netbsd.org@localhost
Subject: Heimdal and IPv6
From: Roy Marples <roy%marples.name@localhost>
Date: Sat, 25 Oct 2008 16:27:38 +0100

Hi List

I've installed NetBSD-4.99.73 on an AMD64 server, correctly configured
as an IPv4 and IPv6 gateway.

As Heimdal comes in the base system, I played around a little and have
it working sweet except for one details - kerberos fails over IPv6

$ telnet -ax ip6.marples.name
Trying fee1::209:5bff:fe84:887d...
Connected to ip6.marples.name.
Escape character is '^]'.
[ Trying KERBEROS5 ... ]
[ Kerberos V5 refuses authentication because Read req failed: Key table
entry not found ]

# ktutil l
FILE:/etc/krb5.keytab:

Vno  Type                     Principal
  1  des-cbc-md5              host/ip6.marples.name%MARPLES.NAME@localhost
  1  des-cbc-md4              host/ip6.marples.name%MARPLES.NAME@localhost
  1  des-cbc-crc              host/ip6.marples.name%MARPLES.NAME@localhost
  1  aes256-cts-hmac-sha1-96  host/ip6.marples.name%MARPLES.NAME@localhost
  1  des3-cbc-sha1            host/ip6.marples.name%MARPLES.NAME@localhost
  1  arcfour-hmac-md5         host/ip6.marples.name%MARPLES.NAME@localhost

$ host ip6.marples.name
ip6.marples.name has IPv6 address fee1::209:5bff:fe84:887d
$ host fee1::209:5bff:fe84:887d
d.7.8.8.4.8.e.f.f.f.b.5.9.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.1.e.e.f.ip6.arpa
domain name pointer ip6.marples.name.

Adding the principle host/fee1::209:5bff:fe84:887d then gives
[ Kerberos V5 refuses authentication because Read req failed: Decrypt
integrity check failed ]

Any ideas?
Worth filing a PR?

Thanks

Roy

Follow-Ups:
- Re: Heimdal and IPv6
  - From: Christos Zoulas

Prev by Date: xen boot parameter for network boot
Next by Date: Re: Heimdal and IPv6
Previous by Thread: xen boot parameter for network boot
Next by Thread: Re: Heimdal and IPv6
Indexes:

Home | Main Index | Thread Index | Old Index