Error while rrunning GSSAPI samples using SEAM (No principal inkeytab matches desired name )

Douglas E. Engert deengert at anl.gov
Fri Dec 12 08:08:16 EST 2003 

Try using in Step 5: 
./gss-server -port 4444 -verbose windms at beetle.qdms.co.in

The GSS-API uses service at hostname which when use with Kerberos
Kerbeors GSSAPI is mapped to a principal of service/hostname 

Vikas Gandhi wrote:
> 
> Hi All
>  I am using SEAM and ADSI 2000. I have done cross relam and cross
> domain setup. The setup is fine. I am facing difficulties in running
> gssapi samples using ADSI (though the reverse I have done it i.e.
> using sspi samples using SEAM).
> The gssapi samples work fine for SEAM. But I do not know where I am
> mistaken when I try for ADSI-2000.
> WIN-OS: 2003 server
> WIN-DOMAIN: QDMS.CO.IN
> WIN-relam: QDMS.CO.IN
> win-host-name: beetle.qdms.co.in
> 
> SUN-OS: solaris 9
> SEAM-DOMAIN: QUARK.CO.IN
> win-host-name: blade.quark.co.in
> seam-relam: QUARK.CO.IN
> seam version: 1.01
> As I have created a trust between the two domains and added kdc to the
> windows and created mappings, I can login to the windows easily using
> SEAM KDC.
> 
> Step 1:  I created a user windms in ADSI and gave windms and password
> windms.
> Step 2: ktpass –princ windms/beetle.qdms.co.in –mapuser windms -pass
> windms -out blade.keytab
> Step 3: I ftp that file in sun server and used ktutil to input in
> /etc/krb5/krb5.keytab
> Step 4: kinit -k -t /etc/krb5/krb5.keytab
> windms/beetle.qdms.co.in at QDMS.CO.IN
> works fins and I get the ticket.
> Step 5: ./gss-server -port 4444 -verbose windms/beetle.qdms.co.in
> GSS-API error acquiring credentials: Unspecified GSS failure.  Minor
> code may provide more information
> GSS-API error acquiring credentials: No principal in keytab matches
> desired name
> 
> I do not know where the error lies.
> My /etc/hosts file says the following
> X.X.X.X    blade.qdms.co.in blade.quark.co.in blade
> X.X.X.X    beetle  beetle.qdms.co.in beetle.quark.co.in
> 
> My /etc/resolv.conf says
> domain  quark.co.in
> nameserver      X.X.X.X
> nameserver      X.X.X.X
> search quark.co.in qdms.co.in
> 
> Regards
> Vikas
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444

More information about the Kerberos mailing list