setup kerberos client
Jeffrey Altman
jaltman2 at nyc.rr.com
Tue Apr 13 10:10:26 EDT 2004
melissa_benkyo wrote:
> hi sridhar,
>
> thanks for the reply. I did the steps you mentioned but the solaris
> machine is looking up the sample/<solaris machine>@REALM.COM according
> to the log. and if I add the sample/<solaris machine>@REALM.COM to the
> keytab on the linux machine it says that the
>
>>>GSS-API error acquiring credentials: Miscellaneous failure
>>>GSS-API error acquiring credentials: No principal in keytab matches
>>>desired name
>
>
> any insights as to what the problem might be?
>
> thanks!
The machine the GSSAPI service is running on must see the same name
for the machine as the client machine does from DNS. The GSSAPI
Service does not look for a keytab entry matching the client request,
it attempts to load the keytab entry when it starts.
I agree there are few good ways to debug this other then tracing the
gssapi library calls inside a debugger.
Jeffrey Altman
More information about the Kerberos
mailing list