kerberos ftpd bug? can't get it to work (New, sort of)

Cesar Garcia Cesar.Garcia at
Fri Aug 1 10:41:08 EDT 2003

You can also inspect for which principal a service ticket was
acquired, on the client side via klist. Make sure there is a
corresponding keytab entry for this principal on the target host
(klist -k).

>>>>> "Ken" == Ken Hornstein <kenh at> writes:

>>> GSSAPI accepted as authentication type
>>> GSSAPI error major: Miscellaneous failure
>>> GSSAPI error minor: No principal in keytab matches desired name

Ken> If you turn on ftpd debugging (-d), ftpd will log a whole bunch of crap
Ken> to syslog.  One of the things it logs is the name it's trying to use
Ken> locally.  I suspect that the problem is something akin to listing the
Ken> "short" name of the host first in /etc/hosts.

Ken> --Ken
Ken> ________________________________________________
Ken> Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list