Kerberos5 FTP not working. Need Help!

Ken Raeburn raeburn at MIT.EDU
Tue Nov 16 19:22:08 EST 2004


On Nov 16, 2004, at 19:15, James Chen wrote:
> Hi Ken and Douglas,
>
> Thanks a lot for answering my question!
>
> I changed the hostname of my server and client to server.james.com and
> client.james.com respectively. The 220 reply shows the FQDN of server:
>
> 220 server.james.com FTP server (Version 5.60) ready.
>
> However, I get another error: Key version number for principal in key
> table is incorrect. I checked klist -ke and getprinc on
> client.james.com (see output below). The KVNO is different for both
> ftp/server.james.com and host/server.james.com. I think the reason they
> are different is that I added the key for principal
> ftp/server.james.com, host/server.james.com on both server and client.

You don't need the key for the server on the client system.

> Each time I run ktadd for a principal, the KVNO increases. If I remove
> these two keys on the server, I got the same error "GSSAPI error minor:
> No principal in keytab matches desired name" again. Should I use "ktadd"
> to add these keys to keytab on server.james.com or client.james.com or
> both? Could you give me some suggestion what I should try next? (I
> attached some console output below)

Yes, re-adding the key on the server will update the version again, and 
the keytab should then be consistent with the database.  Note that if 
your ticket file on the client already has a ticket for the service, 
it'll have no way of knowing that it's out of date, so you should run 
kinit again.

Ken
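
The keytab/KDC consistency check discussed in this thread, as an added example that is not part of the original messages: it reads the key version numbers straight out of a keytab in the MIT file format (version 0x0502) and reports entries that disagree with the KDC. The realm JAMES.COM, the kvno values and the all-zero keys are constructed sample data, and the `kdc_kvno` mapping is assumed to be filled in by hand from `getprinc` output.

```python
import struct

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    def counted(p):                     # uint16 length followed by that many bytes
        (n,) = struct.unpack_from(">H", data, p)
        return data[p + 2:p + 2 + n], p + 2 + n
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                   # hole left by a deleted entry: skip it
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = counted(pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = counted(p)
            comps.append(comp.decode())
        p += 8                          # skip name type and timestamp
        kvno = data[p]                  # 8-bit kvno
        (enctype,) = struct.unpack_from(">H", data, p + 1)
        _, p = counted(p + 3)           # key bytes: parsed, never returned
        if end - p >= 4:                # optional 32-bit kvno wins if non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, enctype))
        pos = end
    return entries

def stale_entries(data, kdc_kvno):
    """Keytab entries whose kvno differs from the KDC's current kvno."""
    return [(princ, kvno, kdc_kvno[princ]) for princ, kvno, _ in parse_keytab(data)
            if princ in kdc_kvno and kvno != kdc_kvno[princ]]

# Constructed sample below: realm, kvno values and keys are made up for illustration.
def make_entry(name, realm, kvno, enctype=1, key=b"\0" * 8):
    cs = lambda b: struct.pack(">H", len(b)) + b
    parts = name.encode().split(b"/")
    body = (struct.pack(">H", len(parts)) + cs(realm.encode())
            + b"".join(cs(c) for c in parts) + struct.pack(">IIB", 1, 0, kvno)
            + struct.pack(">H", enctype) + cs(key) + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

SAMPLE = (b"\x05\x02" + make_entry("ftp/server.james.com", "JAMES.COM", 3)
          + make_entry("host/server.james.com", "JAMES.COM", 5))
KDC = {"ftp/server.james.com@JAMES.COM": 4, "host/server.james.com@JAMES.COM": 5}
```

Here `stale_entries(SAMPLE, KDC)` flags only the ftp principal, whose keytab entry is one version behind the KDC; running ktadd on the server again and then kinit on the client, as described above, clears that state.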


