tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Heimdal and IPv6



In article <20081025162738.738652a1%uberpc.marples.name@localhost>,
Roy Marples  <roy%marples.name@localhost> wrote:
>Hi List
>
>I've installed NetBSD-4.99.73 on an AMD64 server, correctly configured
>as an IPv4 and IPv6 gateway.
>
>As Heimdal comes in the base system, I played around a little and have
>it working sweet except for one details - kerberos fails over IPv6
>
>$ telnet -ax ip6.marples.name
>Trying fee1::209:5bff:fe84:887d...
>Connected to ip6.marples.name.
>Escape character is '^]'.
>[ Trying KERBEROS5 ... ]
>[ Kerberos V5 refuses authentication because Read req failed: Key table
>entry not found ]
>
># ktutil l
>FILE:/etc/krb5.keytab:
>
>Vno  Type                     Principal
>  1  des-cbc-md5              host/ip6.marples.name%MARPLES.NAME@localhost
>  1  des-cbc-md4              host/ip6.marples.name%MARPLES.NAME@localhost
>  1  des-cbc-crc              host/ip6.marples.name%MARPLES.NAME@localhost
>  1  aes256-cts-hmac-sha1-96  host/ip6.marples.name%MARPLES.NAME@localhost
>  1  des3-cbc-sha1            host/ip6.marples.name%MARPLES.NAME@localhost
>  1  arcfour-hmac-md5         host/ip6.marples.name%MARPLES.NAME@localhost
>
>$ host ip6.marples.name
>ip6.marples.name has IPv6 address fee1::209:5bff:fe84:887d
>$ host fee1::209:5bff:fe84:887d
>d.7.8.8.4.8.e.f.f.f.b.5.9.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.1.e.e.f.ip6.arpa
>domain name pointer ip6.marples.name.
>
>Adding the principle host/fee1::209:5bff:fe84:887d then gives
>[ Kerberos V5 refuses authentication because Read req failed: Decrypt
>integrity check failed ]
>
>Any ideas?
>Worth filing a PR?

Please.

christos



Home | Main Index | Thread Index | Old Index