help-shishi

Shishi interop server running


From: Simon Josefsson
Subject: Shishi interop server running
Date: Wed, 08 Aug 2012 15:18:21 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux)

All,

I have set up a Shishi KDC for interop purposes on interop.josefsson.org.
The server is running Ubuntu 12.04 with Shishi installed from packages.
The machine configuration is public; the Shishi-specific parts are here:

https://www.gitorious.org/cosmos/sjd-cosmos/blobs/master/interop.josefsson.org/pre-tasks.d/910shishi
https://www.gitorious.org/cosmos/sjd-cosmos/blobs/master/interop.josefsson.org/post-tasks.d/920shishi

You can test it by invoking 'shishi address@hidden' as a
client.  The password is 'pencil'.  Of course, MIT/Heimdal clients
should work as well.  See a simple transcript here:

address@hidden:~$ shishi address@hidden
Enter password for address@hidden': 

address@hidden:
Authtime:       Wed Aug  8 15:03:14 2012
Endtime:        Wed Aug  8 23:03:12 2012
Server:         krbtgt/interop.josefsson.org key aes256-cts-hmac-sha1-96 (18)
Ticket key:     aes256-cts-hmac-sha1-96 (18) protected by aes256-cts-hmac-sha1-96 (18)
Ticket flags:   INITIAL (512)
address@hidden:~$ 

Or using MIT Kerberos:

address@hidden:~$ kinit user
Password for address@hidden: 
address@hidden:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: address@hidden

Valid starting       Expires              Service principal
2012-08-08 15:04:16  2012-08-09 15:04:14  krbtgt/address@hidden
address@hidden:~$ 

Or using Heimdal:

address@hidden:~$ kinit user
address@hidden's Password: 
address@hidden:~$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
        Principal: address@hidden

  Issued                Expires               Principal
Aug  8 15:06:42 2012  Aug  9 01:06:38 2012  krbtgt/address@hidden
address@hidden:~$ 

If you want to test a Kerberized client against the server, there is
also a telnetd running on the machine, and it accepts Kerberos login for
the user 'user' for the principal address@hidden  The
telnetd server is GNU InetUtils, also from Ubuntu packages.

To test it on the client side, you can install the 'inetutils-telnet'
package on your machine.  Put 'default-realm interop.josefsson.org' in
your ~/.shishi/shishi.conf to configure Shishi for this realm.  Make
sure you have tickets (see above) and then try it like this:

address@hidden:~$ inetutils-telnet -l user interop.josefsson.org
Trying 178.79.173.181...
Automatic decryption of input is enabled
Automatic encryption of output is enabled
Will send login name and/or authentication information.
Encryption is verbose
Connected to interop.josefsson.org.
Escape character is '^]'.
[ Kerberos V5 accepts you as ``interop.josefsson.org'' (server authenticated) ]
[ Output is now encrypted with type DES_CFB64 ]
[ Input is now decrypted with type DES_CFB64 ]
...
Connection closed by foreign host.
address@hidden:~$ 

This is with a ~/.telnetrc file that contains:

DEFAULT
 environ export XAUTHORITY
 set autodecrypt
 set autoencrypt
 set autologin
# set authdebug
 set verbose_encrypt

Unfortunately, MIT and Heimdal telnet clients don't appear to deal
with AES keys (sigh!) so you can't connect to it using MIT telnet.

/Simon


