Kadmin GSS-API Error
Lynn Zhang
lyzhang at umich.edu
Fri Sep 17 16:32:52 EDT 2004
On Fri, 17 Sep 2004, Tom Yu wrote:
> >>>>> "lyzhang" == Lynn Zhang <lyzhang at umich.edu> writes:
>
> lyzhang> Should the kadmin form 1.3.4 talks to kadmind from 1.2.8? Or
> lyzhang> I may ignore the error, just upgrade the KDC first, then the
> lyzhang> client, so the kadmin client and server will be the same
> lyzhang> version.
>
> The kadmin client from 1.3.4 should be able to talk to the kadmind
> from 1.2.8. If it can't, it could be a bug.
>
> ---Tom
>
That's what I hope. Because from the same machine, I could use
kadmin (which is from 1.2.8, and it is same version as the KDC) to
contact the same KDC without a problem. The client and the KDC 's environment
are not changed, except the kadmin's version is different.
I would like to get more useful error msgs, maybe in the future I could do
thing like "kadmind -D" or "kadmin -D"
The next is the out put of the snoop command, hope you could find some
hints from it.
Using device /dev/eri (non promiscuous)
hyp is the client machine, fly is the KDC.
Thanks so much,
Lynn
The next will get the "GSS-API (or Kerberos) error while initializing
kadmin interface"
hypatia.lsait.lsa.umich.edu -> fleming.lsa.umich.edu TCP D=749 S=32876 Syn
Seq=3893305037 Len=0 Win=32850 Options=<nop,wscale 1,nop,nop,tstamp 63001
0,nop,nop,sackOK,mss 1460>
fleming.lsa.umich.edu -> hypatia.lsait.lsa.umich.edu TCP D=32876 S=749 Syn
Ack=3893305038 Seq=1319902512 Len=0 Win=33304 Options=<nop,nop,tstamp
694866642 63001,nop,wscale 1,nop,nop,sackOK,mss 1460>
hypatia.lsait.lsa.umich.edu -> fleming.lsa.umich.edu TCP D=749 S=32876
Ack=1319902513 Seq=3893305038 Len=0 Win=33304 Options=<nop,nop,tstamp
63001 694866642>
hypatia.lsait.lsa.umich.edu -> fleming.lsa.umich.edu RPC C XID=1095061077
PROG=2112 (?) VERS=2 PROC=1
fleming.lsa.umich.edu -> hypatia.lsait.lsa.umich.edu TCP D=32876 S=749
Ack=3893305594 Seq=1319902513 Len=0 Win=33304 Options=<nop,nop,tstamp
694866647 63006>
fleming.lsa.umich.edu -> hypatia.lsait.lsa.umich.edu RPC R (#11)
XID=1095061077 Success
hypatia.lsait.lsa.umich.edu -> fleming.lsa.umich.edu TCP D=749 S=32876
Ack=1319902733 Seq=3893305594 Len=0 Win=33304 Options=<nop,nop,tstamp
63008 694866649>
hypatia.lsait.lsa.umich.edu -> fleming.lsa.umich.edu RPC C XID=1095061076
PROG=2112 (?) VERS=2 PROC=13
fleming.lsa.umich.edu -> hypatia.lsait.lsa.umich.edu RPC R (#15)
XID=1095061076
hypatia.lsait.lsa.umich.edu -> fleming.lsa.umich.edu TCP D=749 S=32876
Ack=1319902885 Seq=3893305778 Len=0 Win=33304 Options=<nop,nop,tstamp
63019 694866649>
This is connecting OK
hyp.language.umich.edu -> fly.language.umich.edu TCP D=749 S=32876 Syn
Seq=3893305037 Len=0 Win=32850 Options=<nop,wscale 1
,nop,nop,tstamp 63001 0,nop,nop,sackOK,mss 1460>
fly.language.umich.edu -> hyp.language.umich.edu TCP D=32876 S=749 Syn
Ack=3893305038 Seq=1319902512 Len=0 Win=33304 Option
s=<nop,nop,tstamp 694866642 63001,nop,wscale 1,nop,nop,sackOK,mss 1460>
hyp.language.umich.edu -> fly.language.umich.edu TCP D=749 S=32876
Ack=1319902513 Seq=3893305038 Len=0 Win=33304 Option
s=<nop,nop,tstamp 63001 694866642>
hyp.language.umich.edu -> fly.language.umich.edu RPC C XID=1095061077
PROG=2112 (?) VERS=2 PROC=1
fly.language.umich.edu -> hyp.language.umich.edu TCP D=32876 S=749
Ack=3893305594 Seq=1319902513 Len=0 Win=33304 Option
s=<nop,nop,tstamp 694866647 63006>
fly.language.umich.edu -> hyp.language.umich.edu RPC R (#11)
XID=1095061077 Success
hyp.language.umich.edu -> fly.language.umich.edu TCP D=749 S=32876
Ack=1319902733 Seq=3893305594 Len=0 Win=33304 Option
s=<nop,nop,tstamp 63008 694866649>
hyp.language.umich.edu -> fly.language.umich.edu RPC C XID=1095061076
PROG=2112 (?) VERS=2 PROC=13
fly.language.umich.edu -> hyp.language.umich.edu RPC R (#15)
XID=1095061076
hyp.language.umich.edu -> fly.language.umich.edu TCP D=749 S=32876
Ack=1319902885 Seq=3893305778 Len=0 Win=33304 Option
s=<nop,nop,tstamp 63019 694866649>
*=======================================*
* Lynn Zhang *
* LS&A System Services Team *
* lyzhang at umich.edu *
*=======================================*
More information about the Kerberos
mailing list