How to get rid of Kerberos telnetd on Fedora 3 - Kerberos


  1. How to get rid of Kerberos telnetd on Fedora 3

    Help. I want to telnet to a laptop that has Fedora 3 installed. This is on
    a private net so I do not want any type of forced security. I just want to
    telnet to the laptop from different Linux PCs. Unfortunately, when I do
    telnet to the laptop I get an error message.

    This is the error message I receive after entering the password:

    Cannot resolve network address for KDC in requested realm while getting
    initial credentials

    I edited the file krb5-telnet in the /etc/xinet.d directory from disable=yes
    to disable=no. Before I did that it would not even accept a telnet
    connection. At least now it accepts connections. FTP is fine.

    krb5-telnet in /etc/xinet.d dir
    # default: off
    # description: The kerberized telnet server accepts normal
    # telnet sessions, but can also use Kerberos 5 authentication.
    service telnet
    {
            flags           = REUSE
            socket_type     = stream
            wait            = no
            user            = root
            server          = /usr/kerberos/sbin/telnetd
            log_on_failure  += USERID
            disable         = no
    }

    The comment in the krb5-telnet file states that "The kerberized telnet
    server accepts normal sessions", but that appears false.

    There is no other telnetd package installed.

    How do I either:

    1. Disable kerberos so that it accepts connections
    2. Remove the kerberos telnet package (rpm -qa does not show any kerberos
    telnet package)

    Thanks.



  2. Re: How to get rid of Kerberos telnetd on Fedora 3

    >>>>> "EG" == Earl Greida writes:

    EG> Help. I want to telnet to a laptop that has Fedora 3 installed.
    EG> This is on a private net so I do not want any type of forced
    EG> security. I just want to telnet to the laptop from different
    EG> Linux PCs. Unfortunately, when I do telnet to the laptop I get an
    EG> error message.

    EG> This is the error message I receive after entering the password:

    EG> Cannot resolve network address for KDC in requested realm while
    EG> getting initial credentials

    EG> I edited the file krb5-telnet in the /etc/xinet.d directory from
    EG> disable=yes to disable=no. Before I did that it would not even
    EG> accept a telnet connection. At least now it accepts connections.

    There's no "at least;" you had telnet turned off. You turned it on, now
    it accepts connections. That's how xinetd works.

    EG> FTP is fine.

    EG> The comment in the krb5-telnet file states that "The kerberized
    EG> telnet server accepts normal sessions", but that appears false.

    No, it is true. In prompting for a password, it is doing a "normal
    session," as opposed to requiring authentication via Kerberos ticket. The
    problem is that telnetd is further configured to verify the password using
    Kerberos. That is probably via PAM; look at /etc/pam.conf or in
    /etc/pam.d/.

    --
    Richard Silverman
    res@qoxp.net


  3. Re: How to get rid of Kerberos telnetd on Fedora 3


    "Richard E. Silverman" wrote in message
    news:m2mzejsia5.fsf@darwin.oankali.net...
    > >>>>> "EG" == Earl Greida writes:

    >
    > EG> FTP is fine.
    >
    > EG> The comment in the krb5-telnet file states that "The kerberized
    > EG> telnet server accepts normal sessions", but that appears false.
    >
    > No, it is true. In prompting for a password, it is doing a "normal
    > session," as opposed to requiring authentication via Kerberos ticket. The
    > problem is that telnetd is further configured to verify the password using
    > Kerberos. That is probably via PAM; look at /etc/pam.conf or in
    > /etc/pam.d/.


    Thanks for the help. There is no /etc/pam.conf file. There are a ton of
    files in pam.d, but none contain telnet. Any suggestions? I am a bit
    hesitant to just go into these files and comment out lines.

    /etc/pam.d/
    atd
    authconfig
    authconfig-gtk
    chfn
    chsh
    crond
    cups
    dateconfig
    ethereal
    gdm
    gdm-autologin
    gdmsetup
    halt
    hwbrowser
    internet-druid
    kbdrate
    kde
    kde-np
    kppp
    login
    neat
    newrole
    other
    pamdir
    passwd
    poweroff
    ppp
    printconf
    printconf-gui
    printconf-tui
    printtool
    reboot
    remote
    rhn_register
    run_init
    samba
    screen
    serviceconf -> system-config-services
    setup
    smtp -> /etc/alternatives/mta-pam
    smtp.sendmail
    squid
    sshd




  4. Re: How to get rid of Kerberos telnetd on Fedora 3

    >>>>> "EG" == Earl Greida writes:

    EG> "Richard E. Silverman" wrote in message
    EG> news:m2mzejsia5.fsf@darwin.oankali.net...
    >> >>>>> "EG" == Earl Greida writes:
    >>
    EG> FTP is fine.
    >>
    EG> The comment in the krb5-telnet file states that "The kerberized
    EG> telnet server accepts normal sessions", but that appears false.
    >> No, it is true. In prompting for a password, it is doing a
    >> "normal session," as opposed to requiring authentication via
    >> Kerberos ticket. The problem is that telnetd is further configured
    >> to verify the password using Kerberos. That is probably via PAM;
    >> look at /etc/pam.conf or in /etc/pam.d/.


    EG> Thanks for the help. There is no /etc/pam.conf file. There are a
    EG> ton of files in pam.d, but none contain telnet. Any suggestions?
    EG> I am a bit hesitant to just go into these files and comment
    EG> out lines.

    Although the names often match up, they don't have to. In this case,
    telnetd is probably using the "login" PAM service.

    --
    Richard Silverman
    res@qoxp.net
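
Added example, not part of the thread: a read-only check of which PAM services end up calling a Kerberos module, following references from one service file to another so that a service such as "login" is traced through any shared stack it pulls in. It assumes the Kerberos module is named pam_krb5 and that references use the `pam_stack.so service=NAME` or `include NAME` forms; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Services a PAM file pulls in: "pam_stack.so service=NAME" or "include NAME".
pam_refs() {
    sed 's/#.*//' "$1" | awk '
        /pam_stack\.so/ { for (i = 1; i <= NF; i++) if ($i ~ /^service=/) print substr($i, 9) }
        $2 == "include" || $2 == "substack" { print $3 }'
}

# pam_reaches_krb5 DIR SERVICE: succeed if SERVICE's stack, following
# references to other service files, contains a pam_krb5 module (assumed name).
pam_reaches_krb5() {
    dir=$1; todo=$2; seen=" "
    while [ -n "$todo" ]; do
        svc=${todo%% *}                                   # pop first entry
        case $todo in *" "*) todo=${todo#* } ;; *) todo= ;; esac
        case $seen in *" $svc "*) continue ;; esac        # already visited
        seen="$seen$svc "
        [ -f "$dir/$svc" ] || continue
        if sed 's/#.*//' "$dir/$svc" | grep -q 'pam_krb5'; then return 0; fi
        for r in $(pam_refs "$dir/$svc"); do todo="${todo:+$todo }$r"; done
    done
    return 1
}

# Print every service in DIR whose stack reaches pam_krb5.
pam_krb5_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if pam_reaches_krb5 "$1" "${f##*/}"; then echo "${f##*/}"; fi
    done
}

# Constructed sample files (not copied from the laptop in the thread).
make_sample() {
    printf '%s\n' 'auth required pam_securetty.so' \
        'auth required pam_stack.so service=system-auth' > "$1/login"
    printf '%s\n' 'auth sufficient pam_unix.so likeauth nullok' \
        'auth sufficient pam_krb5.so use_first_pass' \
        'auth required pam_deny.so' > "$1/system-auth"
    printf '%s\n' 'auth required pam_unix.so' \
        '# auth sufficient pam_krb5.so' > "$1/cups"
}

demo=$(mktemp -d); make_sample "$demo"
pam_krb5_services "$demo"      # on a real host: pam_krb5_services /etc/pam.d
rm -rf "$demo"
```

In the sample, "login" is reported even though its own file never names Kerberos, because the module sits in the shared file it references; "cups" is not, since its only Kerberos line is commented out.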


  5. Re: How to get rid of Kerberos telnetd on Fedora 3


    "Earl Greida" wrote in message
    news:5nV0g.3159$An2.528@newsread2.news.pas.earthlink.net...
    > Help. I want to telnet to a laptop that has Fedora 3 installed. This is on
    > a private net so I do not want any type of forced security. I just want to
    > telnet to the laptop from different Linux PCs. Unfortunately, when I do
    > telnet to the laptop I get an error message.
    >
    > This is the error message I receive after entering the password:
    >
    > Cannot resolve network address for KDC in requested realm while getting
    > initial credentials
    >
    > I edited the file krb5-telnet in the /etc/xinet.d directory from disable=yes
    > to disable=no. Before I did that it would not even accept a telnet
    > connection. At least now it accepts connections. FTP is fine.
    >
    > krb5-telnet in /etc/xinet.d dir
    > # default: off
    > # description: The kerberized telnet server accepts normal
    > # telnet sessions, but can also use Kerberos 5 authentication.
    > service telnet
    > {
    > flags = REUSE
    > socket_type = stream
    > wait = no
    > user = root
    > server = /usr/kerberos/sbin/telnetd
    > log_on_failure += USERID
    > disable = no
    > }
    >
    > The comment in the krb5-telnet file states that "The kerberized telnet
    > server accepts normal sessions", but that appears false.
    >
    > There is no other telnetd package installed.
    >
    > How do I either:
    >
    > 1. Disable kerberos so that it accepts connections
    > 2. Remove the kerberos telnet package (rpm -qa does not show any kerberos
    > telnet package)
    >
    > Thanks.
    >
    >

    I fixed this by downloading and installing a "normal" telnet package, along
    with a "normal" rsh (rlogin) package. They work fine.



  6. Re: How to get rid of Kerberos telnetd on Fedora 3


    "Richard E. Silverman" wrote in message
    news:m2ejzuqo4b.fsf@darwin.oankali.net...
    > >>>>> "EG" == Earl Greida writes:

    >
    > EG> I fixed this by downloading and installing a "normal" telnet
    > EG> package, along with a "normal" rsh (rlogin) package. They work
    > EG> fine.
    >
    > While I'm glad you fixed your problem, be aware that the other packages
    > work just fine as well. You simply misunderstood and misconfigured them.


    Maybe, but I didn't configure anything. That's the way they were installed
    by the vendor, or configured by Red Hat. Thanks for your help, though.


