kadmind, Wrong principal in request

Kevin Coffman kwc at citi.umich.edu
Thu Apr 15 09:28:02 EDT 2004


I saw your message this morning about extracting a keytab remotely.

I'm not clear on exactly what you are trying to do, but a way to invoke 
kadmin from a machine that has a different default realm is to use:

% kadmin -p admin at OTHER.REALM -r OTHER.REALM

Otherwise, with just "-p admin" is assumes that you are trying to 
authenticate as admin at THIS.REALM which won't work.

Hope this helps...


> Trying to run "kadmin":
> ---
> [fis:~] jablko% kadmin -p admin -r RUZ.LAT
> Authenticating as principal admin with password.
> Password for admin at LAT:
> kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
> ---
> And on the admin server:
> ---
> Apr  3 23:57:24 wum kadmind[18547]: Authentication attempt failed: 
> 192.168.179.43, GSS-API error strings are:
> Apr  3 23:57:24 wum kadmind[18547]:     Miscellaneous failure
> Apr  3 23:57:24 wum kadmind[18547]:     Wrong principal in request
> Apr  3 23:57:24 wum kadmind[18547]:    GSS-API error strings complete.
> ---
> Everything else works - including cross realm authentication. 
> "krb5.conf" should be fine since the admin server, "wum", reacts to the 
> connection. I've double checked DNS: Forwards and reverse work fine on 
> client & server. "kadm5.acl" on the admin server contains:
> ---
> admin	*
> ---
> What does this error mean?
> 
> Thanks!
> 
> Jack
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 




More information about the Kerberos mailing list