kerberos ftpd bug? can't get it to work!

root jpalma78 at hotmail.com
Wed Jul 9 15:18:02 EDT 2003


Does anyone know how to get ftp working on Kerberos V5?  I can connect
to the ftp server but I fail to authenticate.  I keep getting an error
message that "No principal in keytab matches desired name".  But my
keytab file appears correct.  In fact, telnet and rsh are working.
The only thing that doesn't work is ftp.  I have tried removing the
ftp entry from my keytab file (supposedly some versions of kerberos
will not work with ftp/host; only host/host) and I connect using the
FQDN (also heard ftp is quirky about FQDNs) but I get exactly the same
problems.  I have tried everything and pored over all the docs I could
get my hands on to no avail.  I suspect it's something stupid I am
overlooking or maybe there's some obscure workaround.  Anyway, my
boss really wants this implemented and I am stumped.  Anyone out there
got any ideas?  ANY HELP WILL BE GREATLY APPRECIATED!

I PASTED THE ERROR AND MY KEYTAB FILE BELOW:

root at psadmn2# /usr/kerberos/krb5-1.2.8/src/appl/gssftp/ftp/ftp emssyb1.xx.xx.xx
Connected to emssyb1.toplfo.fpl.com.
220 emssyb1 FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: Miscellaneous failure
GSSAPI error minor: No principal in keytab matches desired name
GSSAPI error: acquiring credentials
GSSAPI ADAT failed
GSSAPI authentication failed

emssyb1:/>/usr/kerberos/krb5-1.2.8/src/clients/klist/klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 ftp/myhost.domain.com at MYREALM
   3 ftp/myhost.domain.com at MYREALM
   3 host/myhost.domain.com at MYREALM
   3 host/myhost.domain.com at MYREALM
   3 telnet/myhost.domain.com at MYREALM
   3 telnet/myhost.domain.com at MYREALM
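
An added diagnostic example, not part of the original post: it parses `klist -k` output and reports, per service name, whether the keytab holds exactly `service/fqdn@REALM` or only a near miss (different case, short host name). It assumes the server looks up a principal built from the host's own fully qualified name; the host, realm and listing below are constructed.

```python
import re

# One entry line of `klist -k` output: KVNO, then principal.
# " at " is accepted beside "@" because mail archives rewrite the separator.
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+?)(?:@| at )(\S+)\s*$")

def parse_klist_k(text):
    """Return a set of (service, host, realm) from `klist -k` output."""
    found = set()
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and "/" in m.group(2):
            service, host = m.group(2).split("/", 1)
            found.add((service, host, m.group(3)))
    return found

def check_keytab(entries, fqdn, realm, services=("ftp", "host")):
    """Classify, per service, how the keytab relates to service/fqdn@realm."""
    report = {}
    for svc in services:
        hosts = {h for s, h, r in entries if s == svc and r == realm}
        if fqdn in hosts:
            report[svc] = "ok"
        elif any(h.lower() == fqdn.lower() for h in hosts):
            report[svc] = "case mismatch"   # principal names are case-sensitive
        elif any(fqdn.lower().startswith(h.lower() + ".") for h in hosts):
            report[svc] = "short host name"
        else:
            report[svc] = "missing"
    return report

# Constructed sample listing (hypothetical host and realm).
SAMPLE = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------
   3 ftp/myhost@EXAMPLE.COM
   3 host/MyHost.example.com@EXAMPLE.COM
   3 telnet/myhost.example.com at EXAMPLE.COM
"""

if __name__ == "__main__":
    entries = parse_klist_k(SAMPLE)
    names = ("ftp", "host", "telnet", "rcmd")
    result = check_keytab(entries, "myhost.example.com", "EXAMPLE.COM", names)
    for svc, state in result.items():
        print(f"{svc}/myhost.example.com@EXAMPLE.COM: {state}")
```

Pass the name the server host resolves for itself as `fqdn`, since a listing that looks correct to the eye can still differ from it in case or domain suffix.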

