gss-server error

Mon Aug 21 10:29:51 EDT 2006

A Kerberos realm is always in uppercase [1]. If you did *everything*
with a lowercase realm name I suspect things might work but perhaps not.

Or, based on the second error, perhaps there is a DNS issue?

Mike

[1] The realm is effectively the DNS domain in uppercase and therefore
it is not uncommon to see lowercase names (e.g. DNS oriented software).

On Mon, 21 Aug 2006 17:00:03 +0800
"lizhong" <lizhong at ncic.ac.cn> wrote:

> I'm trying to test with gss-client and gss-server but am unsuccessful in 
> getting it to work.
> 
> I have setup a MIT Realm called test.com and added a client named test/admin at test.com.
> I am able to kinit and get a ticket from the KDC. 
> 
> [root at gcnode029 gss-sample]# kinit
> Password for test/admin at test.com: 
> kinit(v5): Password incorrect while getting initial credentials
> [root at gcnode029 gss-sample]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: test/admin at test.com
> 
> Valid starting     Expires            Service principal
> 08/21/06 15:45:15  08/22/06 15:45:15  krbtgt/test.com at test.com
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> [root at gcnode029 gss-sample]# 
> 
> But if I run "gss-server -port 8888 -verbose -once test/admin at test.com", I met the following error:
> 
> [root at gcnode029 gss-sample]# ./gss-server -port 8888 -verbose -once test/admin at test.com
> GSS-API error acquiring credentials: An invalid name was supplied
> GSS-API error acquiring credentials: Hostname cannot be canonicalized
> 
> I guess I used the service name in an improper way. So what service name should I use? Thank you for any help!
> 
> 
> 

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/