ftp client: authentication failed

Christopher D. Clausen cclausen at acm.org
Wed Jul 15 11:58:51 EDT 2009

Lloyd <lloyd at cdactvm.in> wrote:
> Hi,
>   I am new to kerberos and trying to set up in a sample scenario as
> part of learning. I have downloaded and installed Kerberos 5 on a
> Linux system. As per the install guide I have successfully configured
> KDC and Application server. in the application server the "ftpd"
> daemon is also started successfully. Now I dont know how to connect a
> client to the ftpd server.
> This is the output of klist in client side
> klist: You have no tickets cached
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: lloyd/admin at EFS.CYBER
> Valid starting     Expires            Service principal
> 07/15/09 17:09:01  07/16/09 17:08:55  krbtgt/EFS.CYBER at EFS.CYBER
> Kerberos 4 ticket cache: /tmp/tkt0
> And this is the output when I try ftp command in client side
> GSSAPI error minor: No principal in keytab matches desired name
> Am I missing something in Application server, KDC or in client?

The above is your problem.  Your client thinks your FTP server has a 
different name than what the keytab has a principal for.  Check the KDC 
log to see which principal the client requested and then fix your keytab 
and/or DNS and/or /etc/hosts on these systems.


More information about the Kerberos mailing list