(RADIATOR) Testing help with new Kerberos5 Auth Module.

Mike McCauley mikem at open.com.au
Sun Mar 28 17:04:18 CST 2004


Hi again Steve,

I have attached a new version of your AuthKRB5 that works under a much wider 
range of circumstances, including EAP without a separate TunnelledBy TTLS 
clause.
It also now honours AddToReply and other such things.
Hope you will find this a better solution. Still not sure about the particular 
KRB error you reported.

Cheers.


On Mon, 29 Mar 2004 05:31 am, Steve Harper wrote:
> I'll happily contribute it to the Radiator code base.  Do with it what
> you will.  I just hope we can figure out the bug I'm running into.
>
> Thanks,
>
> Steve Harper
>
> On Sat, 27 Mar 2004, Mike McCauley wrote:
> > Hello again Steve,
> >
> > I wonder if you might want to consider contributing your module to the
> > Radiator goodies or the core for others to use too?
> >
> > Cheers.
> >
> > On Sat, 27 Mar 2004 11:53 am, Steve Harper wrote:
> > > Hello, I work for the University of Utah where we have a site license
> > > for Radiator.  I've written a Kerberos 5 Authentication module for
> > > Radiator (AuthKRB5.pm) because of Authen::PAM's segfaulting on Solaris
> > > > 2.8 and up. It's based on AuthTEST.pm and AuthPAM.pm, and uses the CPAN
> > > Perl module Authen::KRB5 V1.3 which requires MIT kerberos.
> > >
> > > I'm running this on Solaris 2.9, with Perl 5.8.1, MIT Kerberos 1.2.7,
> > > and Radiator 3.9.
> > >
> > > It works fine with the radpwtst utility shipped with Radiator, but when
> > > I try to use it with our 802.1x clients / access point it fails with:
> > >
> > > Access rejected for testuser: Kinit failed: No such device or address
> > >
> > > The corresponding point of failure looking at things with truss seems
> > > to be where the * is.  It opens a socket, requests the TGT for the
> > > > users, polls, and then receives it.  ENXIO maps to "No such device or
> > > address". It then opens and unlinks the credential cache.
> > >
> > >  so_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP, "", 1) = 6
> > >  connect(6, 0x004D1460, 16, 1)                   = 0
> > >  send(6, 0x006D6E00, 184, 0)                     = 184
> > >     j81B5 081B2A103020105A2030201\nA481A5 081A2A0070305\0\0\0\0\0A1
> > >     <snip>
> > >  poll(0xFFBFF408, 1, 1000)                       = 1
> > >  recv(6, 0x00BBA980, 4096, 0)                    = 525
> > >     k8202\t 0820205A003020105A1030201\vA3\n1B\b U T A H . E D UA415
> > >     <snip>
> > >  close(6)                                        = 0
> > > *ioctl(0, TCGETS, 0xFFBFF520)                    Err#6 ENXIO
> > >  open("/tmp/krb5cc_0", O_RDWR)                   = 6
> > >  unlink("/tmp/krb5cc_0")                         = 0
> > >
> > > I was curious if anyone had any idea why I might be getting such an
> > > error or would be willing to test the code in their environment and let
> > > me know their results.  Any code improvements or suggestions would
> > > likewise be greatly appreciated.
> > >
> > > You can download the code from
> > > http://dev.scl.utah.edu/AuthKRB5.pm
> > >
> > > Thanks in advance for any help,
> > >
> > > > Steve Harper                Campus Student Computing
> > > > Sys Admin                   Marriott Library
> > > > s.harper at utah.edu         University of Utah
> > >
> > > --
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Mike McCauley                               mikem at open.com.au
> > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> > > 9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
> > > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> > TTLS, PEAP etc on Unix, Windows, MacOS etc.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AuthKRB5.pm
Type: text/x-perl
Size: 3512 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20040329/5df7a7cb/attachment.bin>
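
The truss excerpt quoted in the thread can be checked mechanically. The following is an added example, not part of the original messages or of AuthKRB5.pm: it parses the syscall lines from that trace, finds the failed call whose errno text appears in the rejection message, and checks whether every call on the KDC socket descriptor succeeded. The function names are this example's own, and the errno table holds only the mapping stated in the thread.

```python
import re

# Syscall lines copied from the truss excerpt quoted in the thread
# (hex-dump continuation lines omitted).
TRACE = """\
 so_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP, "", 1) = 6
 connect(6, 0x004D1460, 16, 1)                   = 0
 send(6, 0x006D6E00, 184, 0)                     = 184
 poll(0xFFBFF408, 1, 1000)                       = 1
 recv(6, 0x00BBA980, 4096, 0)                    = 525
 close(6)                                        = 0
*ioctl(0, TCGETS, 0xFFBFF520)                    Err#6 ENXIO
 open("/tmp/krb5cc_0", O_RDWR)                   = 6
 unlink("/tmp/krb5cc_0")                         = 0
"""
REJECT = "Access rejected for testuser: Kinit failed: No such device or address"
# Only the errno mapping the thread itself states; extend from errno.h as needed.
ERRNO_TEXT = {"ENXIO": "No such device or address"}

LINE_RE = re.compile(
    r"^\*?\s*(\w+)\((.*)\)\s+(?:=\s*(-?\w+)|Err#(\d+)\s+(\w+))\s*$")

def parse_truss(text):
    """Turn truss lines into dicts; lines that are not syscalls are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            name, args, ret, num, sym = m.groups()
            calls.append({"name": name,
                          "first_arg": args.split(",")[0].strip(),
                          "ret": ret, "errno": sym,
                          "errnum": int(num) if num else None})
    return calls

def errors_matching(message, calls):
    """Failed calls whose errno text appears in the application's message."""
    return [c for c in calls
            if c["errno"] and ERRNO_TEXT.get(c["errno"], "\0") in message]

def socket_calls_ok(calls):
    """True if every call on the descriptor returned by so_socket succeeded."""
    fd = next(c["ret"] for c in calls if c["name"] == "so_socket")
    return all(c["errno"] is None for c in calls if c["first_arg"] == fd)

if __name__ == "__main__":
    calls = parse_truss(TRACE)
    for c in errors_matching(REJECT, calls):
        print(f'{c["name"]}({c["first_arg"]}, ...) failed with {c["errno"]}')
    print("KDC socket calls all succeeded:", socket_calls_ok(calls))
```

On this trace the only call matching the message is the `ioctl` on descriptor 0, while every call on socket descriptor 6 returned successfully.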

