gss-client error

lizhong lizhong at ncic.ac.cn
Wed Aug 23 05:15:49 EDT 2006 

Hi all,
    I am using gss-client to connect to my gss-server.I have 3 linux machines ,machine A is running kdc,machine B is running gss-server,and machine C is running gss-client.
    I have created test/gcnode029 at test.com for gss-server.And I started gss-server on machine B with cmd:
[root at gcnode029 gss-sample]# ./gss-server -port 8888 test
    Then I started gss-client on machine C with cmd:
[root at gcnode026gss-sample]# ./gss-client -port 8888 gcnode029.cap test "halo"
    The gcnode029.cap is the DNS name of machine B.
    But I got the error message below:
    On machine B running gss-server:
GSS-API error accepting context: Unspecified GSS failure.  Minor code may provide more information
GSS-API error accepting context: Wrong principal in request
    On machine C running gss-client:
Sending init_sec_context token (size=475)...continue needed...reading token flags: 0 bytes read

    But if I run gss-client on machine B, together with gss-server, everything runs well.It seems as if the machine C need the right principal to connect the machine B. OK, I tried to use klist to show the principals and keytab files on both machine, and found nothing different:
    On machine B:
[root at gcnode029 gss-sample]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/admin at test.com

Valid starting     Expires            Service principal
08/23/06 11:10:21  08/23/06 21:10:21  krbtgt/test.com at test.com
        renew until 08/24/06 11:10:20
08/23/06 15:49:20  08/23/06 21:10:21  test/gcnode029 at test.com
        renew until 08/24/06 11:10:20


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root at gcnode029 gss-sample]# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   5 test/gcnode029 at test.com

    On machine C:
[root at gcnode026 gss-sample]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/admin at test.com

Valid starting     Expires            Service principal
08/23/06 16:44:33  08/24/06 02:44:33  krbtgt/test.com at test.com
        renew until 08/24/06 16:44:34
08/23/06 16:44:51  08/24/06 02:44:33  test/gcnode026 at test.com
        renew until 08/24/06 16:44:34


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root at gcnode026 gss-sample]# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   6 test/gcnode029 at test.com

    So I can not find what caused the error of wrong principal in request. Any help is appreciated!

More information about the Kerberos mailing list