gss_accept_sec_context
Kevin Coffman
kwc at citi.umich.edu
Fri Nov 2 09:24:25 EDT 2007
On 11/2/07, Manoj Mohan <manojm at us.ibm.com> wrote:
>
> Hi,
>
> I am new to kerberos world.. so forgive my noviceness....
>
> I have a KDC running on linux and my client server are also on linux.. After
> registering the user principals and service principals when client is
> connecting to server, I can see from the klist that
> the service ticket is generated properly.
>
> However, at the server end..after succesfully executing gss_acquire_cred(),
> I am failing in gss_accept_sec_context with maj_stat: 851968, min_stat:
> -1765328154
>
> However, after some googling... I can see that kerberos error code goes only
> as far as -1765328157L...
> It looks like a big coincidence that we are getting that close an error to
> be an INCORRECT error
>
> Any pointers?
>
> Manoj
>From krb5.h: #define KRB5_KT_KVNONOTFOUND (-1765328154L)
This indicates that the client is getting a service ticket which was
produced with a key version (KVNO) that the server does not have in
its keytab file. I'd assume that you did a 'ktadd' for the service
and failed to update the keytab that the service is using. (Or the
client has an "old" service ticket and the server's keytab no longer
has that older version of the key.)
More information about the Kerberos
mailing list