Changes between Version 12 and Version 14 of Ticket #529


Ignore:
Timestamp:
09/15/10 11:30:59 (11 years ago)
Author:
jdreed
Comment:

I was able to log in to the MIT SECURE wireless network as "jruser", on MacOS 10.6.4. The initial connection attempt successfully associated but failed to get DHCP. Subsequent connection attempts worked just fine, and I received a valid IP.

kadmin:  getprinc jruser
Principal: jruser@ATHENA.MIT.EDU
Expiration date: [never]
Last password change: Wed Sep 15 09:17:15 EDT 2010
Password expiration date: [none]
Maximum ticket life: 0 days 21:15:00
Maximum renewable life: 7 days 00:00:00
Last modified: Wed Sep 15 09:17:15 EDT 2010 (jdreed/admin@ATHENA.MIT.EDU)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 5, Triple DES cbc mode with HMAC/sha1, no salt
MKey: vno 0
Attributes:
Policy: default

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #529 – Description

    v12 v14  
    3131 * I cannot log in to [https://mit-mailsec-cc.mit.edu:41443/brightmail Brightmail]: “Invalid user name or password. Please try again.” 
    3232 * I cannot log in to Windows after starting the Citrix ICA Client from [https://citrix.mit.edu/Citrix/MetaFrameXP/frameset.jsp Citrix MetaFrame XP]: “The system could not log you on.  Make sure your User name and domain are correct, then type your password again.  Letters in passwords must be typed using the correct case.” 
    33  * I cannot log in to the MIT SECURE wireless network: 
    34 {{{ 
    35 NetworkManager[1083]: <info> (eth1): supplicant connection state:  associating -> associated 
    36 wpa_supplicant[1185]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected 
    37 wpa_supplicant[1185]: EAP-TLV: TLV Result - Failure 
    38 wpa_supplicant[1185]: CTRL-EVENT-EAP-FAILURE EAP authentication failed 
    39 }}} 
     33 * ~~I cannot log in to the MIT SECURE wireless network:~~ 
    4034 
    4135Given that single-DES is critically weak, is disabled by default in current releases of Kerberos, and will be removed entirely in future releases, we should talk with network and try to get these little problems worked out sooner rather than later.