*BSD News Article 86176


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.Hawaii.Edu!news.uoregon.edu!newsxfer3.itd.umich.edu!howland.erols.net!vixen.cso.uiuc.edu!newsrelay.iastate.edu!news.iastate.edu!spiff.cc.iastate.edu!graphix
From: graphix@iastate.edu (Kent A Vander Velden)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: User PPP and Kerberos... What's up?
Date: 4 Jan 97 03:53:49 GMT
Organization: Iowa State University, Ames, Iowa
Lines: 73
Message-ID: <graphix.852350029@spiff.cc.iastate.edu>
References: <graphix.851371569@spiff.cc.iastate.edu> <5agqd5$jml$1@mark.ucdavis.edu> <graphix.852304508@spiff.cc.iastate.edu>
NNTP-Posting-Host: spiff.cc.iastate.edu
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:33581

In <graphix.852304508@spiff.cc.iastate.edu> graphix@iastate.edu (Kent A Vander Velden) writes:

>In <5agqd5$jml$1@mark.ucdavis.edu> ccjason@quadrophenia.ucdavis.edu (Jason Gabler) writes:

>>Kent A Vander Velden (graphix@iastate.edu) wrote:
>>:   When I am using user PPP  on either or both my local machine and/or
>>: the PPP server, Kerberos fails.  Both machines are FreeBSD machines.
>>: Kerberos works on the PPP server.  If I use kernel PPP on both machines,
>>: Kerberos works.  Kerberos used tork on my local machine and I can not
>>: think of anything that has changed to break Kerberos.  I am not doing
>>: any filtering.
>>:   Is anyone else able to use Kerberos with user PPP?  
>>:   Thanks.  Any help would be greatly appreciated.

>>Kent,

>>	you need to describe in MUCH greater detail what you mean by
>>"Kerberos works...".  And, I am getting the feelings that this is a
>>Kerberos question, not a FreeBSD question.

>  Simple commands such as 'kinit' will fail with a message to the affect
>that it could not assign the port.  Note again, this is only the case
>when using user PPP and not kernel PPP.  

  Ok, I am home now and can give you the exact error message...

src|Fri9:53pm} kinit graphix
MIT Project Athena (pseudo.cc.iastate.edu)
Kerberos Initialization for "graphix"
krb_bind_local_addr: bind: Invalid argument
krb_bind_local_addr: Can't bind local addresskinit: Can't send request
(send_to_kdc)

  (on the client side of ppp connection)

~|Fri9:55pm} tcpdump -i tun0
tcpdump: listening on tun0
21:56:03.871789 pseudo.1176 > kerberos-1.iastate.edu.kerberos: v4 le
KDC_REQUEST:  [|kerberos]


  So, a request goes out but nothing comes back...

  (On the server side of the ppp connection)

~|Fri9:57pm} tcpdump -i tun0 not port telnet
tcpdump: listening on tun0
21:57:43.422795 pseudo.cc.iastate.edu.1195 >
kerberos-1.iastate.edu.kerberos: . 3617967:3617998(31) ack 67331954 win
26729 urg 73 <opt-65:544154452e4544550049d5cd32606b726274677400493c[|tcp]>

  That's it.  Only the request...

  And, watching the ethernet on the server side...

~|Fri10:04pm} tcpdump host kerberos-1
tcpdump: listening on lnc0
<nothing>

  So, it would seem that somehow the packet gets lost on the server
side.

  No filters are enabled here.

  I hope this is enough information for someone to find the error.
Surely if kerberos packets are failing to get though then user level ppp
is prob. failing in other ways as well.

  Thanks.
-- 
Kent Vander Velden
graphix@iastate.edu