kadmind, Wrong principal in request
ms419@freezone.co.uk
Sun Apr 4 20:38:04 EDT 2004
Thanks ... Two realms are involved, though they're not on the same
machine. LAT contains our users (admin@LAT), while RUZ.LAT contains
principals for some experimental servers. LAT is hosted on tor; RUZ.LAT
is hosted on wum. Cross realm authentication is otherwise working
dandy.
Running (on wum):
---
admin@wum:~$ /usr/sbin/kadmin -p admin -r RUZ.LAT
Authenticating as principal admin with password.
Password for admin@LAT:
kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
---
Evokes on tor and wum:
---
Apr 4 17:17:17 tor krb5kdc[749]: AS_REQ (4 etypes {16 23 3 1})
192.168.179.73: NEEDED_PREAUTH: admin@LAT for kadmin/admin@LAT,
Additional pre-authentication required
Apr 4 17:17:23 tor krb5kdc[749]: AS_REQ (4 etypes {16 23 3 1})
192.168.179.73: ISSUE: authtime 1081124243, etypes {rep=16 tkt=16
ses=16}, admin@LAT for kadmin/admin@LAT
---
Apr 4 17:17:23 wum kadmind[18547]: Authentication attempt failed:
192.168.179.73, GSS-API error strings are:
Apr 4 17:17:23 wum kadmind[18547]: Miscellaneous failure
Apr 4 17:17:23 wum kadmind[18547]: Wrong principal in request
Apr 4 17:17:23 wum kadmind[18547]: GSS-API error strings complete.
---
So to me (I don't really know what I'm doing - just stating the
obvious), it appears that admin@LAT is successfully authenticated by
tor, but that instead of obtaining a cross realm ticket -
krbtgt/RUZ.LAT@LAT - it's obtaining kadmin/admin@LAT. Why ... ?
Thanks thanks THANKS! for all the help!
Jack
On Apr 4, 2004, at 4:21 PM, Sam Hartman wrote:
> Your error means that the kadmin client used the wrong principal when
> talking to your server. That's really strange unless you are trying
> to run multiple realms on the same machine or something.
>
> You can look at your KDC log and see what principal your client
> requests.
>
> --Sam
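
The KDC-log check suggested in the reply, as an added example that is not part of the original thread: it parses krb5kdc request lines in the shape quoted above and flags tickets whose service principal is neither in the realm being administered nor a cross-realm TGT for it. The function names and the third sample line are assumptions made for illustration.

```python
import re

# krb5kdc request line in the shape quoted in the message, unwrapped, with
# principals written with '@' as krb5kdc logs them.
REQ_RE = re.compile(
    r"krb5kdc\[\d+\]: (?P<kind>AS_REQ|TGS_REQ) .*?"
    r"(?P<addr>\d+(?:\.\d+){3}): (?P<status>[A-Z_]+): .*?"
    r"(?P<client>\S+@\S+) for (?P<service>[^\s,]+@[^\s,]+)"
)

def targets_realm(service, realm):
    """True if the ticket is for a service in `realm`, or is a
    cross-realm TGT (krbtgt/<realm>@<other realm>) leading to it."""
    name, _, svc_realm = service.rpartition("@")
    return svc_realm == realm or name == "krbtgt/" + realm

def audit(lines, admin_realm):
    """Return one record per parsed KDC request, with a mismatch flag."""
    records = []
    for line in lines:
        m = REQ_RE.search(line)
        if not m:
            continue  # not a KDC request line (e.g. kadmind output)
        rec = m.groupdict()
        rec["mismatch"] = not targets_realm(rec["service"], admin_realm)
        records.append(rec)
    return records

# Lines 1, 2 and 4 are from the message (unwrapped); line 3 is constructed
# to show a request that does lead toward RUZ.LAT.
SAMPLE = [
    "Apr 4 17:17:17 tor krb5kdc[749]: AS_REQ (4 etypes {16 23 3 1}) "
    "192.168.179.73: NEEDED_PREAUTH: admin@LAT for kadmin/admin@LAT, "
    "Additional pre-authentication required",
    "Apr 4 17:17:23 tor krb5kdc[749]: AS_REQ (4 etypes {16 23 3 1}) "
    "192.168.179.73: ISSUE: authtime 1081124243, etypes {rep=16 tkt=16 "
    "ses=16}, admin@LAT for kadmin/admin@LAT",
    "Apr 4 17:17:24 tor krb5kdc[749]: TGS_REQ (4 etypes {16 23 3 1}) "
    "192.168.179.73: ISSUE: authtime 1081124243, etypes {rep=16 tkt=16 "
    "ses=16}, admin@LAT for krbtgt/RUZ.LAT@LAT",
    "Apr 4 17:17:23 wum kadmind[18547]: Wrong principal in request",
]

if __name__ == "__main__":
    for r in audit(SAMPLE, "RUZ.LAT"):
        flag = "MISMATCH" if r["mismatch"] else "ok"
        print(f'{r["kind"]:8} {r["status"]:15} '
              f'{r["client"]} -> {r["service"]} [{flag}]')
```

Run against RUZ.LAT, both AS_REQ lines from the message are flagged because the ticket issued is for kadmin/admin@LAT.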