tech-crypto archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kerberosV with kerberosIV compatibility
"Tracy J. Di Marco White" <gendalia%iastate.edu@localhost> writes:
> The 3 krb4 files are there.
I think that the krb4 files are used when doing the 5to4 conversion.
> tcpdump of doing kinit -4 gendalia:
>
> 05:33:06.828395 bb.cc.iastate.edu.64835 > ns-1.iastate.edu.domain: 60459+
> SRV ? _kerberos._udp.IASTATE.EDU. (44)
> 05:33:06.831322 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64835: 60459
> 2/1/2 (196)
> 05:33:06.831649 bb.cc.iastate.edu.64834 > ns-1.iastate.edu.domain: 60460+
> SRV ? _kerberos._tcp.IASTATE.EDU. (44)
> 05:33:06.835368 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64834: 60460
> 2/1/2 (196)
> 05:33:06.835533 bb.cc.iastate.edu.64833 > ns-1.iastate.edu.domain: 60461+
> SRV ? _kerberos._http.IASTATE.EDU. (45)
> 05:33:06.837652 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64833: 60461
> NXDomain* 0/1/0 (101)
> 05:33:06.838321 bb.cc.iastate.edu.64832 > ns-1.iastate.edu.domain: 60462+
> AAAA? kerberos-1.iastate.edu. (40)
> 05:33:06.841294 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64832: 60462*
> 0/1/0 (96)
> 05:33:06.841390 bb.cc.iastate.edu.64831 > ns-1.iastate.edu.domain: 60463+ A?
> kerberos-1.iastate.edu. (40)
> 05:33:06.845174 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64831: 60463*
> 1/5/6 A 129.186.0.0 (276)
> 05:33:06.845311 bb.cc.iastate.edu.64830 > kerberos-1.iastate.edu.kerberos: v5
> 05:33:06.860808 kerberos-1.iastate.edu.kerberos > bb.cc.iastate.edu.64830: v5
> 05:33:06.862702 bb.cc.iastate.edu.64829 > ns-1.iastate.edu.domain: 60464+
> SRV ? _kerberos._udp.IASTATE.EDU. (44)
> 05:33:06.865530 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64829: 60464
> 2/1/2 (196)
> 05:33:06.865710 bb.cc.iastate.edu.64828 > ns-1.iastate.edu.domain: 60465+
> SRV ? _kerberos._tcp.IASTATE.EDU. (44)
> 05:33:06.868550 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64828: 60465
> 2/1/2 (196)
> 05:33:06.868714 bb.cc.iastate.edu.64827 > ns-1.iastate.edu.domain: 60466+
> SRV ? _kerberos._http.IASTATE.EDU. (45)
> 05:33:06.871457 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64827: 60466
> NXDomain* 0/1/0 (101)
> 05:33:06.871674 bb.cc.iastate.edu.64826 > ns-1.iastate.edu.domain: 60467+
> AAAA? kerberos-1.iastate.edu. (40)
> 05:33:06.874426 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64826: 60467*
> 0/1/0 (96)
> 05:33:06.874514 bb.cc.iastate.edu.64825 > ns-1.iastate.edu.domain: 60468+ A?
> kerberos-1.iastate.edu. (40)
> 05:33:06.878457 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64825: 60468*
> 1/5/6 A 129.186.0.0 (276)
> 05:33:06.878567 bb.cc.iastate.edu.64824 > kerberos-1.iastate.edu.kerberos:
This packet is interesting, since it should go to port 4444 (krb524/udp), not
port 88 (kerberos/udp).
Can you check that your /etc/services contain a krb524 that points to 88 ?
Love
Home |
Main Index |
Thread Index |
Old Index