# telnet with kerberos v5 and encrypt support

## discostu

So the university decided to user kerberos for telnet now. I built mit-krb and pam_krm5. And I also rebuilt telnet with USE="kerberos crypt" emerge telnet-bsd. However 

```
telnet -faxl stett isua3.iastate.edu

telnet: Warning: -f ignored, no Kerberos V5 support.

telnet: Warning: -x ignored, no ENCRYPT support.

...

telnetd: Insecure connection rejected.

Connection closed by foreign host.

```

Thanks!  :Smile: 

Stu

----------

## adaptr

 *discostu wrote:*   

> So the university decided to user kerberos for telnet now.

 

Which means that they're... total morons?

Adding fscking DoD 5th-Level DefCon3 death-ray KillemAll protection to Telnet still leaves you with... Telnet, which transmits totally insecure data.

Even the oldest, weakest versions of SSH give you RSA encryption of all traffic.

Sorry, no idea what's the answer to your problem - I just found this quite hilarious   :Twisted Evil: 

----------

## steel300

I'm at iastate as well. You need to use the kerberos telnet client: ktelnet. The kerberos telnet support still isn't functional. All you will see is gibberish on the screen when you login. You will also need to create a kerberos ticket manually. Search the AIT page for krb5 and you should find the krb5.conf file that you need to put in /etc. To create a ticket it's kinit user_name. It will ask for a password, then create the ticket. The only thing that works (kind of) is ftp. To use the kerberos ftp client, it's kftp isuaX.iastate.edu.

----------

## discostu

cool, thanks! I don't know why they gotta use telnet with kerberos when they could use ssh (the iastate com sci dept uses ssh). I had already gotten their krb5.conf. I just used wget to their ftp. I normally don't mess with project vincent and stick to coms servers, but I need access to edit the website for guitar club.

-Stu

----------

## steel300

Yeah, they're stupid. Did you get telnet to work? It still shows crap for me. I know the ftp client works, but it cuts out frequently.

----------

## discostu

Telnet works for me. I just did 

```
ktelnet -fax -l mynetid isuaX.iastate.edu
```

----------

## steel300

Sweet, they finally fixed there telnet daemon.

----------

## Ranthog

Actually that isn't true.  They are working on ssh, but it is not yet ready for distrobution.  There is software that needs to be ported to their systems and testing to do.

Unfortunatly the republican asshats have cut the university budget massivly the last four years so they don't have the staff to do it, and the administration's policies are what created the need for the password to be encrypted.

----------

## steel300

 *Ranthog wrote:*   

> Actually that isn't true.  They are working on ssh, but it is not yet ready for distrobution.  There is software that needs to be ported to their systems and testing to do.
> 
> Unfortunatly the republican asshats have cut the university budget massivly the last four years so they don't have the staff to do it, and the administration's policies are what created the need for the password to be encrypted.

 

I know they're working on ssh. It's a hell of a lot easier to get ssh ported then a kerberized telnet. That should have come first, rather than telnet. I guess I don't understand what "porting" need to be done to start an ssh daemon.

----------

