Article: 14085 of comp.protocols.kermit.misc
Path: newsmaster.cc.columbia.edu!phl-feed.news.verio.net!iad-feed.news.verio.net!iad-peer.news.verio.net!news.verio.net!newsfeed.icl.net!newsfeed.fjserv.net!c03.atl99!sjc70.webusenet.com!news.webusenet.com!nf3.bellglobal.com!cyclone.mw.ipsvc.net!news.mw.ipsvc.net!cyclone.kc.rr.com!news-east.rr.com!news-server.columbus.rr.com!cyclone.rdc-nyc.rr.com!news-out.nyc.rr.com!twister.nyc.rr.com.POSTED!not-for-mail
Message-ID: <3E49881E.2040907@columbia.edu>
From: Jeffrey Altman <jaltman@columbia.edu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: comp.protocols.kermit.misc
Subject: Re: SSL-Telnet waiting for WILL AUTHENTICATION subnegotiation
References: <f53f8c5c.0302101307.43a79f75@posting.google.com> <3E482A46.2010509@nyc.rr.com> <f53f8c5c.0302110921.bbf187d@posting.google.com> <3E493E29.5040800@columbia.edu> <f53f8c5c.0302111509.12c6ae2f@posting.google.com>
In-Reply-To: <f53f8c5c.0302111509.12c6ae2f@posting.google.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 125
Date: Tue, 11 Feb 2003 23:31:24 GMT
NNTP-Posting-Host: 66.108.138.151
X-Complaints-To: abuse@rr.com
X-Trace: twister.nyc.rr.com 1045006284 66.108.138.151 (Tue, 11 Feb 2003 18:31:24 EST)
NNTP-Posting-Date: Tue, 11 Feb 2003 18:31:24 EST
Organization: Road Runner - NYC
Xref: newsmaster.cc.columbia.edu comp.protocols.kermit.misc:14085
>>>set auth tls verify-dir /usr/local/ca
>>>set auth tls verify-file /usr/local/ca/cacert.pem
>>
>>These are only necessary if you are attempting to verify client
>>certificates.
>
>
> Would this be the personal and/or client host certificates?
> From what I understand the following would give me client (personal
> user) authentication:
>
>                      kermit client    kermit server
> personal user cert   rsa-cert-file    ~/.tlslogin
> client host cert     N/A              N/A
> server host cert     N/A              rsa-cert-file
> CA cert              verify-file      N/A
>
> I'm just after user authentication, client host could come later.
You can't perform client host authentication with TLS.  You can only
perform user authentication.
>
>>>Is the host settings for the iksd.conf's rsa's supposed to be the host
>>>client? And is the CA key the only key that needs hashed?
>>
>>
>>
>>>Thanks
>>>
>>>cs
>>
>>To debug IKSD include a
>>
>> LOG DEBUG /root/iksd.debug.\v(pid).log
>>
>>command in your iksd.conf file. If you are not getting a response to
>>the "client hello A" it is most likely a problem related to firewalls
>>blocking the negotiation OR perhaps a file system access problem on the
>>host.
>
>
> ...
>
> dbinit dbfile 1[(NULL)]
> dbinit dbdir 2[/var/log/]
> dbinit dbfile 2[/var/log/iksd.db]
> dbinit mypid=1255
> getlocalipaddr setting buf to[149.223.210.203]
> dbinit myip[95dfd2cb]=-1780493621
> ckgetpeer[cms.jms.lucascargo.com]=-1780493621
> dbinit peerip[95dfd2cb]=-1780493621
> dbinit peerip[95dfd2cb]=-1780493621
> dbinit dbenabled=1
> getslot idstring[95dfd2cb:0000001255
> ]
> getslot tempfile[/var/log/95dfd2cb.4e7]
> getslot lockfile[/var/log/iksd.lck]
> zrename old[/var/log/95dfd2cb.4e7]
> zrename new[/var/log/iksd.lck]
> zrename setroot[]=0
> isdir stat[/var/log/iksd.lck]=-1
> isdir errno=2
> zrename no dir[/var/log/iksd.lck]
> zrename rename()[/var/log/95dfd2cb.4e7]=0
> zfnqfp fname[/var/log/95dfd2cb.4e7]=4096
> zfnqfp realpath fails[/var/log/95dfd2cb.4e7]=2
> zfnqfp while *s[/var/log/95dfd2cb.4e7]
> zfnqfp len=21
> isdir stat[/var/log/95dfd2cb.4e7]=-1
> isdir errno=2
> zfnqfp path[/var/log/95dfd2cb.4e7]=21
> zfnqfp name[95dfd2cb.4e7]
> zfnqfp fname[/var/log/iksd.lck]=4096
> isdir stat[/var/log/iksd.lck]=0
> isdir islink=0
> isdir statbuf.st_mode=33152
> zfnqfp realpath path[/var/log/iksd.lck]
> zfnqfp realpath name[iksd.lck]
> getslot has lock[/var/log/iksd.lck]
> getslot dbfile[/var/log/iksd.db]
> zchki setroot[]=0
> STAT=5
> zchki stat ok:[/var/log/iksd.db]=0
> zchki access ok:[/var/log/iksd.db]=4096
> getslot record=0
> getslot dbflags:0x00
> getslot dbpid:0x04a2
> getslot dbip:0x95dfd2cb
> getslot free slot=0
> getslot records=1
>
> ...
>
> And from syslog...
>
> Feb 11 14:13:51 cms iksd[1255]: file[4] /root/iksd.debug.1255.log:
> create ok
> Feb 11 14:13:51 cms iksd[1255]: file[] /var/log/95dfd2cb.4e7: rename
> to /var/log/iksd.lck failed (No such file or directory)
>
> FYI, I tried again after doing a "mkdir /var/log/iksd.lck":
>
> [root@cms pki]# ls /var/log/iksd.lck
> 95dfd2cb.45f
>
> syslog...
>
> Feb 11 13:47:20 cms iksd[1119]: file[] /var/log/95dfd2cb.45f: rename
> to /var/log/iksd.lck/95dfd2cb.45f failed (No such file or directory)
>
> Couldn't find an example or case outside of stunnel, if I get this one
> working, I'm writing it up :).
The file that is missing is /var/log/95dfd2cb.4e7. iksd.lck is the
destination file.
Is this host accessible from the Internet?
If so, please send access information to kermit-support@columbia.edu
along with the entire debug.log file.
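
Added example, not part of the original post and not C-Kermit code: the syslog text "rename to ... failed (No such file or directory)" does not say which path was missing, because rename(2) returns ENOENT both when the source does not exist and when a directory component of the destination does not exist. The helper name `rename_diag` and the scratch paths are assumptions made for illustration; the file names are borrowed from the log above.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum rd_result { RD_OK, RD_SRC_MISSING, RD_DSTDIR_MISSING, RD_OTHER };

/* Hypothetical helper, not C-Kermit code: rename oldp to newp and, when
 * rename(2) reports ENOENT, work out which path the error refers to. */
enum rd_result rename_diag(const char *oldp, const char *newp)
{
    struct stat sb;
    char dir[4096];

    if (rename(oldp, newp) == 0)
        return RD_OK;
    if (errno != ENOENT)
        return RD_OTHER;
    /* lstat: a dangling symlink is still an existing source name. */
    if (lstat(oldp, &sb) != 0)
        return RD_SRC_MISSING;
    /* dirname() may modify its argument, so give it a copy. */
    snprintf(dir, sizeof dir, "%s", newp);
    if (stat(dirname(dir), &sb) != 0)
        return RD_DSTDIR_MISSING;
    return RD_OTHER;
}

int main(void)
{
    /* Constructed paths in a scratch directory, named after the log. */
    char base[] = "/tmp/rdiagXXXXXX", tmp[64], lck[64], deep[80];
    static const char *why[] = { "ok", "source missing",
                                 "destination directory missing", "other" };
    FILE *f;

    if (!mkdtemp(base))
        return 1;
    snprintf(tmp, sizeof tmp, "%s/95dfd2cb.4e7", base);
    snprintf(lck, sizeof lck, "%s/iksd.lck", base);
    snprintf(deep, sizeof deep, "%s/nodir/iksd.lck", base);
    printf("no temp file  : %s\n", why[rename_diag(tmp, lck)]);
    if ((f = fopen(tmp, "w")) != NULL)
        fclose(f);
    printf("no target dir : %s\n", why[rename_diag(tmp, deep)]);
    printf("both present  : %s\n", why[rename_diag(tmp, lck)]);
    unlink(lck);
    return rmdir(base) != 0;
}
```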