Subject: Kerberos: telnet to Solaris -> Bad encryption type
To: None <tech-security@NetBSD.org>
From: Hubert Feyrer <hubert@feyrer.de>
List: tech-security
Date: 09/26/2005 05:23:48
Thanks to everyone who responded to my SSH problem, it seems that one was a 
local config problem.

My next challenge is telnetting from NetBSD (2.0, 3.99.8) into a Solaris 
10 machine, KDC is running on NetBSD 2.0 and I can telnet back and forth 
between the NetBSD machines. I can run kinit w/o problems on Solaris and 
get a TGT, so the basics work, but telnetting from NetBSD into Solaris 
gives:

 	[ Trying KERBEROS5 ... ]
 	[ Kerberos V5 refuses authentication because Kerberos checksum verification failed: Bad encryption type ]
 	[ Trying KERBEROS5 ... ]
 	[ Kerberos V5 refuses authentication because Kerberos checksum verification failed: Bad encryption type ]
 	Password:

I've checked that the encryption types in my NetBSD TGT are the same as 
are available in the Solaris /etc/krb5/krb5.keytab file.

On NetBSD, I used "kinit -v" to see TGTs with des-cbc-crc and 
des3-cbc-sha1 listed.

On Solaris, I cannot convince ktutil to show me what's in my 
/etc/krb5/krb5.keytab file. As I created the keytab file on NetBSD anyways 
(in kadmin -l: "add -t host/sol10" and "ext /tmp/keytab host/sol10"), I 
used "ktutil -k /tmp/keytab list" to see that des-cbc-crc, des-cbc-md4, 
des-cbc-md5 and des3-cbc-sha1 are available.

I've moved /tmp/keytab from NetBSD to Solaris' /etc/krb5/krb5.keytab using 
(binary mode!) FTP, and used "openssl md5" on both sides to ensure the 
file is the same.

Is there anything obvious I'm missing?
Are NetBSD's (Heimdal?) and Solaris' (MIT?) Kerberos incompatible?
How to debug?

TIA!


  - Hubert