Michael B Allen
mba2000 at ioplex.com
Mon Aug 21 10:29:51 EDT 2006
A Kerberos realm is always in uppercase . If you did *everything*
with a lowercase realm name I suspect things might work but perhaps not.
Or, based on the second error, perhaps there is a DNS issue?
 The realm is effectively the DNS domain in uppercase and therefore
it is not uncommon to see lowercase names (e.g. DNS oriented software).
On Mon, 21 Aug 2006 17:00:03 +0800
"lizhong" <lizhong at ncic.ac.cn> wrote:
> I'm trying to test with gss-client and gss-server but am unsuccessful in
> getting it to work.
> I have setup a MIT Realm called test.com and added a client named test/admin at test.com.
> I am able to kinit and get a ticket from the KDC.
> [root at gcnode029 gss-sample]# kinit
> Password for test/admin at test.com:
> kinit(v5): Password incorrect while getting initial credentials
> [root at gcnode029 gss-sample]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: test/admin at test.com
> Valid starting Expires Service principal
> 08/21/06 15:45:15 08/22/06 15:45:15 krbtgt/test.com at test.com
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> [root at gcnode029 gss-sample]#
> But if I run "gss-server -port 8888 -verbose -once test/admin at test.com", I met the following error:
> [root at gcnode029 gss-sample]# ./gss-server -port 8888 -verbose -once test/admin at test.com
> GSS-API error acquiring credentials: An invalid name was supplied
> GSS-API error acquiring credentials: Hostname cannot be canonicalized
> I guess I used the service name in an improper way. So what service name should I use? Thank you for any help!
Michael B Allen
PHP Active Directory SSO
More information about the Kerberos