tech-crypto: Re: kerberosV with kerberosIV compatibility

Subject: Re: kerberosV with kerberosIV compatibility
To: Tracy J. Di Marco White <gendalia@iastate.edu>
From: Love <lha@stacken.kth.se>
List: tech-crypto
Date: 11/02/2000 13:30:15
"Tracy J. Di Marco White" <gendalia@iastate.edu> writes:

> The 3 krb4 files are there.

I think that the krb4 files are used when doing the 5to4 conversion.
 
> tcpdump of doing kinit -4 gendalia:
> 
> 05:33:06.828395 bb.cc.iastate.edu.64835 > ns-1.iastate.edu.domain:  60459+ SRV ? _kerberos._udp.IASTATE.EDU. (44)
> 05:33:06.831322 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64835:  60459 2/1/2 (196)
> 05:33:06.831649 bb.cc.iastate.edu.64834 > ns-1.iastate.edu.domain:  60460+ SRV ? _kerberos._tcp.IASTATE.EDU. (44)
> 05:33:06.835368 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64834:  60460 2/1/2 (196)
> 05:33:06.835533 bb.cc.iastate.edu.64833 > ns-1.iastate.edu.domain:  60461+ SRV ? _kerberos._http.IASTATE.EDU. (45)
> 05:33:06.837652 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64833:  60461 NXDomain* 0/1/0 (101)
> 05:33:06.838321 bb.cc.iastate.edu.64832 > ns-1.iastate.edu.domain:  60462+ AAAA? kerberos-1.iastate.edu. (40)
> 05:33:06.841294 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64832:  60462* 0/1/0 (96)
> 05:33:06.841390 bb.cc.iastate.edu.64831 > ns-1.iastate.edu.domain:  60463+ A? kerberos-1.iastate.edu. (40)
> 05:33:06.845174 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64831:  60463* 1/5/6 A 129.186.0.0 (276)
> 05:33:06.845311 bb.cc.iastate.edu.64830 > kerberos-1.iastate.edu.kerberos:  v5
> 05:33:06.860808 kerberos-1.iastate.edu.kerberos > bb.cc.iastate.edu.64830:  v5
> 05:33:06.862702 bb.cc.iastate.edu.64829 > ns-1.iastate.edu.domain:  60464+ SRV ? _kerberos._udp.IASTATE.EDU. (44)
> 05:33:06.865530 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64829:  60464 2/1/2 (196)
> 05:33:06.865710 bb.cc.iastate.edu.64828 > ns-1.iastate.edu.domain:  60465+ SRV ? _kerberos._tcp.IASTATE.EDU. (44)
> 05:33:06.868550 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64828:  60465 2/1/2 (196)
> 05:33:06.868714 bb.cc.iastate.edu.64827 > ns-1.iastate.edu.domain:  60466+ SRV ? _kerberos._http.IASTATE.EDU. (45)
> 05:33:06.871457 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64827:  60466 NXDomain* 0/1/0 (101)
> 05:33:06.871674 bb.cc.iastate.edu.64826 > ns-1.iastate.edu.domain:  60467+ AAAA? kerberos-1.iastate.edu. (40)
> 05:33:06.874426 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64826:  60467* 0/1/0 (96)
> 05:33:06.874514 bb.cc.iastate.edu.64825 > ns-1.iastate.edu.domain:  60468+ A? kerberos-1.iastate.edu. (40)
> 05:33:06.878457 ns-1.iastate.edu.domain > bb.cc.iastate.edu.64825:  60468* 1/5/6 A 129.186.0.0 (276)
> 05:33:06.878567 bb.cc.iastate.edu.64824 > kerberos-1.iastate.edu.kerberos: 

This packet is interesting, since it should go to port 4444 (krb524/udp), not
port 88 (kerberos/udp).

Can you check that your /etc/services contain a krb524 that points to 88 ?

Love