Kerberos5 FTP not working. Neep Help!

Ken Raeburn raeburn at MIT.EDU
Tue Nov 16 19:22:08 EST 2004

On Nov 16, 2004, at 19:15, James Chen wrote:
> Hi Ken and Douglas,
> Thanks a lot for answering my question!
> I changed the hostname of my server and client to and
> respetively. The 220 reply shows the FQDN of server :
> 220 FTP server (Version 5.60) ready.
> However, I get another error : Key version number for principal in key
> table is incorrect. I checked klist -ke and getprinc on
> output below). The KVNO is different for both
> ftp/ and host/ I think the reason they
> are different is that I added the key for principal
> ftp/, host/ on both server and client.

You don't need the key for the server on the client system.

> Each time I run ktadd for a principal, the KVNO increases. If I remove
> these two keys on the server, I got the same error "GSSAPI error minor:
> No principal in keytab matches desired name" again. Should I use 
> "ktadd"
> to add these keys to keytab on or or
> both? Could you give me some suggestion what I should try next? ( I
> attached some console output below)

Yes, re-adding the key on the server will update the version again, and 
the keytab should then be consistent with the database.  Note that if 
your ticket file on the client already has a ticket for the service, 
it'll have no way of knowing that it's out of date, so you should run 
kinit again.


More information about the Kerberos mailing list