Ooh, ah. When someone else suggested "switch to Merit RADIUS" I looked and found only a $10k version. I'll look again. > ... you can see > the Kerberos support in rad.kerberos.c and krb_get_in_tkt.c. You have to > get the afs_stringtokey.c source from somewhere else. I presume Ascend already did this for me, since # strings /usr/sbin/radiusd | grep stringto $Id: afs_stringtokey.c,v 1.5 1997/06/02 21:20:48 steve Exp $ $Id: mit_stringtokey.c,v 1.2 1997/01/22 18:47:32 steve Exp $ > ticket failed. It is going to be mighty tough to figure out the problem > since the data is encrypted and Merit RADIUS is pretty careful to destroy > the secret information as soon as possible to help reduce the risks of > someone stealing it from a core file or running image. But remember -- I know the correct key, since it's a function of my password and realm. I *could* cook up a program to decrypt the returned packet, and have actually begun such a program, but what will I learn? If I can decrypt it, I conclude radiusd is broken. I suppose if I couldn't, then I would know the Kerberos server is broken, but it passes a more direct test: I can log in to my workstation. On the other hand, I could start radiusd with a -x or two under the debugger and set a breakpoint ... Ugh. What a chore. __________________________________________________________________ Matt Crawford crawdad@fnal.gov Fermilab PGP: 0x566F63C5 - D5 27 83 7A 25 25 7D FB 09 3C BA 33 71 C4 DA 6A ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>> </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <HR> <STRONG>Follow-Ups</STRONG>: <UL> <LI><STRONG><A HREF="msg09954.html">Re: (ASCEND) Ascend Access Control RADIUS <--> Kerberos</A></STRONG></LI> <UL> <LI><EM>From</EM>: Josh Bailey <joshb@xtra.co.nz></LI> </UL> </UL> <!--X-Follow-Ups-End--> <!--X-References--> <STRONG>References</STRONG>: <UL> <LI><STRONG><A HREF="msg09912.html">Re: (ASCEND) Ascend Access Control RADIUS <--> Kerberos</A></STRONG></LI> <UL> <LI><EM>From</EM>: Tim Basher <basher@alpha.CES.CWRU.Edu></LI> </UL> </UL> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg09922.html">(ASCEND) TNT Dropping ISDN 2nd Channels</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg09919.html">Re: (ASCEND) Re: sigh (bitching)</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg09912.html">Re: (ASCEND) Ascend Access Control RADIUS <--> Kerberos</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg09954.html">Re: (ASCEND) Ascend Access Control RADIUS <--> Kerberos</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="mail4.html#09920"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd206.html#09920"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>