gss-server error

Michael B Allen mba2000 at
Mon Aug 21 10:29:51 EDT 2006

A Kerberos realm is always in uppercase [1]. If you did *everything*
with a lowercase realm name I suspect things might work but perhaps not.

Or, based on the second error, perhaps there is a DNS issue?


[1] The realm is effectively the DNS domain in uppercase and therefore
it is not uncommon to see lowercase names (e.g. DNS oriented software).

On Mon, 21 Aug 2006 17:00:03 +0800
"lizhong" <lizhong at> wrote:

> I'm trying to test with gss-client and gss-server but am unsuccessful in 
> getting it to work.
> I have setup a MIT Realm called and added a client named test/admin at
> I am able to kinit and get a ticket from the KDC. 
> [root at gcnode029 gss-sample]# kinit
> Password for test/admin at 
> kinit(v5): Password incorrect while getting initial credentials
> [root at gcnode029 gss-sample]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: test/admin at
> Valid starting     Expires            Service principal
> 08/21/06 15:45:15  08/22/06 15:45:15  krbtgt/ at
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> [root at gcnode029 gss-sample]# 
> But if I run "gss-server -port 8888 -verbose -once test/admin at", I met the following error:
> [root at gcnode029 gss-sample]# ./gss-server -port 8888 -verbose -once test/admin at
> GSS-API error acquiring credentials: An invalid name was supplied
> GSS-API error acquiring credentials: Hostname cannot be canonicalized
> I guess I used the service name in an improper way. So what service name should I use? Thank you for any help!

Michael B Allen
PHP Active Directory SSO

More information about the Kerberos mailing list