Hello,
As I begin using FreeBSD, I thank you for this forum. I have set up some ezjails into a FreeBSD OS. One of them is a Heimdal KDC and another is a principal server of the realm. I can login as principal user from server. As I follow this tutorial: http://www.freebsd.org/doc/handbook/kerberos5.html, one instruction/advice is to check whether the transaction doesn't involve the divulging of the password in clear:
When using tcpdump on the KDC and principal interfaces, it doesn't capture any packet.
When I stop the KDC jail, the principal cannot login. It should mean transaction is made from principal server and KDC, using network.
Do you have any suggestions to help me out?
As I begin using FreeBSD, I thank you for this forum. I have set up some ezjails into a FreeBSD OS. One of them is a Heimdal KDC and another is a principal server of the realm. I can login as principal user from server. As I follow this tutorial: http://www.freebsd.org/doc/handbook/kerberos5.html, one instruction/advice is to check whether the transaction doesn't involve the divulging of the password in clear:
When testing a Kerberized application, try using a packet sniffer such as tcpdump(1) to confirm that the password is not sent in the clear
When using tcpdump on the KDC and principal interfaces, it doesn't capture any packet.
Code:
tcpdump -w /tmp/dump.pcap src ip_kdc and dst ip_kdc
When I stop the KDC jail, the principal cannot login. It should mean transaction is made from principal server and KDC, using network.
Do you have any suggestions to help me out?