Question about gss-client

lizhong lizhong at
Thu Aug 24 22:42:25 EDT 2006

Hi all,
    I have started gss-server on machine gcnode029, and now I try to start gss-client on machine gcnode026.
    But I found that everytime I run gss-client with cmd:
[root at gcnode026 gss-sample]# ./gss-client gcnode029.cap test "adde"

    The gss-server will tell me that :
GSS-API error accepting context: Unspecified GSS failure.  Minor code may provide more information
GSS-API error accepting context: Wrong principal in request

    And log of the kdc server as follows:
Aug 25 09:47:29 gcnode028 krb5kdc[2852](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) ISSUE: authtime 1156470446, etypes {rep=1 tkt=1 ses=1}, tt/tt at for test/gcnode026 at
    It seems that the kdc server did not give the gss-client the right service ticket for test/gcnode029 at
    If I run gss-client on gcnode029, everything runs well, and the kdc log :
Aug 25 09:18:29 gcnode028 krb5kdc[2852](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) ISSUE: authtime 1156468709, etypes {rep=1 tkt=1 ses=1}, aa/aa at for test/gcnode029 at
    I guess the gss-client/gss-server are designed to run on two different machines.So why did the gss-client ask for a wrong ticket?How can I get ticket for test/gcnode029 at on gcnode026?

More information about the Kerberos mailing list