Question about gss-client

lizhong lizhong at
Thu Aug 24 23:48:33 EDT 2006

I changed the gss_import_name's third parameter from gss_nt_service_name to GSS_C_NT_USER_NAME, and the client works well now.
[root at gcnode029 gss-sample]# ./gss-server test
[root at gcnode026 gss-sample]# ./gss-client gcnode029.cap test/gcnode029 "hello"
Where test/gcnode029 at is the SPN of the gss-server

----- Original Message ----- 
From: "lizhong" <lizhong at>
To: <kerberos at>
Sent: Friday, August 25, 2006 10:42 AM
Subject: Question about gss-client

> Hi all,
>    I have started gss-server on machine gcnode029, and now I try to start gss-client on machine gcnode026.
>    But I found that every time I run gss-client with cmd:
> [root at gcnode026 gss-sample]# ./gss-client gcnode029.cap test "adde"
>    The gss-server will tell me that:
> GSS-API error accepting context: Unspecified GSS failure.  Minor code may provide more information
> GSS-API error accepting context: Wrong principal in request
>    And the log of the kdc server is as follows:
> Aug 25 09:47:29 gcnode028 krb5kdc[2852](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) ISSUE: authtime 1156470446, etypes {rep=1 tkt=1 ses=1}, tt/tt at for test/gcnode026 at
>    It seems that the kdc server did not give the gss-client the right service ticket for test/gcnode029 at
>    If I run gss-client on gcnode029, everything runs well, and the kdc log :
> Aug 25 09:18:29 gcnode028 krb5kdc[2852](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) ISSUE: authtime 1156468709, etypes {rep=1 tkt=1 ses=1}, aa/aa at for test/gcnode029 at
>    I guess the gss-client/gss-server are designed to run on two different machines. So why did the gss-client ask for a wrong ticket? How can I get a ticket for test/gcnode029 at on gcnode026?


> ________________________________________________
> Kerberos mailing list           Kerberos at
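
Added example (not part of the original thread and not code from the gss-sample sources): a simplified C model of how the Kerberos mechanism maps the string passed to gss_import_name to a principal under the two name types mentioned above, which accounts for the test/gcnode026 request in the KDC log. The function name, the enum labels and the realm EXAMPLE.REALM are assumptions made for illustration, and the third call uses the general "service@host" host-based form, which was not tried in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Name types from the thread (labels only; not the real gss_OID values). */
enum name_type { NT_HOSTBASED_SERVICE, NT_USER_NAME };

/*
 * Simplified model of how the Kerberos mechanism turns the string given to
 * gss_import_name() into a principal. Real libraries may also canonicalize
 * the host name through DNS; that step is omitted here.
 */
static const char *to_principal(enum name_type t, const char *name,
                                const char *local_host, const char *realm,
                                char *out, size_t outlen)
{
    if (t == NT_USER_NAME) {
        /* Parsed as a principal string: only the default realm is
         * appended when the name carries none. */
        if (strchr(name, '@'))
            snprintf(out, outlen, "%s", name);
        else
            snprintf(out, outlen, "%s@%s", name, realm);
        return out;
    }
    /* Host-based form is "service@host"; with no "@host" part the
     * LOCAL host name is filled in, not the server's. */
    const char *at = strchr(name, '@');
    if (at)
        snprintf(out, outlen, "%.*s/%s@%s", (int)(at - name), name, at + 1, realm);
    else
        snprintf(out, outlen, "%s/%s@%s", name, local_host, realm);
    return out;
}

int main(void)
{
    char buf[256];
    const char *realm = "EXAMPLE.REALM";  /* placeholder realm */
    /* Client on gcnode026, the three ways of naming the server. */
    puts(to_principal(NT_HOSTBASED_SERVICE, "test", "gcnode026", realm, buf, sizeof buf));
    puts(to_principal(NT_USER_NAME, "test/gcnode029", "gcnode026", realm, buf, sizeof buf));
    puts(to_principal(NT_HOSTBASED_SERVICE, "test@gcnode029", "gcnode026", realm, buf, sizeof buf));
    return 0;
}
```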
