SASL problems

David "3oz" Sonenberg pip_prime at yahoo.com
Wed Dec 22 11:33:29 EST 2004 

It was a typo + I have them all sym linked for safe
measure.  So it looks like the principals are the
same.  It's been over 10 years since I graduated High
School and I'm still getting in trouble with the
principal!  Anyway here's the output from my lastest
run.  


# klist -k -t /etc/kerberos/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- -----------------
--------------------------------------------------------
   4 12/22/04 09:52:43
host/ldap.myrealm.com at MYREALM.COM
   4 12/22/04 09:53:47
ldap/ldap.myrealm.com at MYREALM.COM

# kadmin -q "getprinc
host/ldap.myrealm.com at MYREALM.COM"
Authenticating as principal root/admin at MYREALM.COM
with password.
Principal: host/ldap.myrealm.com at MYREALM.COM
Expiration date: [never]
Last password change: Wed Dec 22 09:52:43 EST 2004
Password expiration date: [none]
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 0 days 00:00:00
Last modified: Wed Dec 22 09:52:43 EST 2004
(root/admin at MYREALM.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 4, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]


--- Chris Hallenbeck <cthallen at aol.net> wrote:

> David "3oz" Sonenberg wrote:
> 
> > lt-sample-server: SASL Other: GSSAPI Error: 
> > Miscellaneous failure (see text) (failed to find
> > host/ldap.myrealm.com at MYREALM.COM(kvno 3) in
> keytab
> > FILE:/etc/kerberos/krb5.keytab)
> 
> > scp /tmp/ldap.keytab
> > ldap.myrealm.com:/etc/krb5/krb5.keytab
> > scp /tmp/Manager.keytab
> ldap.myrealm.com:/etc/openldap
> 
>    The error message in this case is looking for
> your keytab in
> /etc/*kerberos*/krb5.keytab, but you scp'd the file
> to
> /etc/*krb5*/krb5.keytab.
> 
>    If that was a typo on your part *grin*, we'll
> move on to other ways 
> to troubleshoot this:
> 
> klist -k -t /etc/_PATH_/krb5.keytab
> 
> In the output, you'll have KVNO info.
> 
> kadmin -q "getprinc
> host/ldap.myrealm.com at MYREALM.COM"
> 
> Compare the KVNO info. Do they match?
> 
> 
> -Chris
> 

> ATTACHMENT part 2 application/x-pkcs7-signature
name=smime.p7s




	
		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail

More information about the Kerberos mailing list