Service principals

David A. Resler resler at
Mon Jun 10 12:01:32 EDT 2002

I'm looking for documentation/information on service principals and what 
goes on behind the scenes.

I'm attempting to use K5 authentication with CorporateTime.  Our K5 is part 
of a DCE installation.

I've generated a principal with a primary name of "uniengd" and am using 
the fully qualified domain name of the CT server as the instance.

When my CT client makes a "TGS-REQ" request, I receive back a "KRB-ERROR" 
packet with the error code "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN".  The packet 
also contains "Server not found in Kerberos database (dce / krb)".

The service principal looks OK, i.e., the dcecp command "principal show 
uniengd/{CT hostname}" looks OK.

Any ideas?

David A. Resler                          E-mail:  resler at
Senior Network Engineer
Communication Network Services, Ohio University

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 231 bytes
Desc: not available
Url :

More information about the Kerberos mailing list