kadmind, Wrong principal in request
Kevin Coffman
kwc at citi.umich.edu
Thu Apr 15 09:28:02 EDT 2004
I saw your message this morning about extracting a keytab remotely.
I'm not clear on exactly what you are trying to do, but a way to invoke
kadmin from a machine that has a different default realm is to use:
% kadmin -p admin at OTHER.REALM -r OTHER.REALM
Otherwise, with just "-p admin" is assumes that you are trying to
authenticate as admin at THIS.REALM which won't work.
Hope this helps...
> Trying to run "kadmin":
> ---
> [fis:~] jablko% kadmin -p admin -r RUZ.LAT
> Authenticating as principal admin with password.
> Password for admin at LAT:
> kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
> ---
> And on the admin server:
> ---
> Apr 3 23:57:24 wum kadmind[18547]: Authentication attempt failed:
> 192.168.179.43, GSS-API error strings are:
> Apr 3 23:57:24 wum kadmind[18547]: Miscellaneous failure
> Apr 3 23:57:24 wum kadmind[18547]: Wrong principal in request
> Apr 3 23:57:24 wum kadmind[18547]: GSS-API error strings complete.
> ---
> Everything else works - including cross realm authentication.
> "krb5.conf" should be fine since the admin server, "wum", reacts to the
> connection. I've double checked DNS: Forwards and reverse work fine on
> client & server. "kadm5.acl" on the admin server contains:
> ---
> admin *
> ---
> What does this error mean?
>
> Thanks!
>
> Jack
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list