ftp client: authentication failed
Christopher D. Clausen
cclausen at acm.org
Wed Jul 15 11:58:51 EDT 2009
Lloyd <lloyd at cdactvm.in> wrote:
> I am new to kerberos and trying to set up in a sample scenario as
> part of learning. I have downloaded and installed Kerberos 5 on a
> Linux system. As per the install guide I have successfully configured
> KDC and Application server. in the application server the "ftpd"
> daemon is also started successfully. Now I dont know how to connect a
> client to the ftpd server.
> This is the output of klist in client side
> klist: You have no tickets cached
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: lloyd/admin at EFS.CYBER
> Valid starting Expires Service principal
> 07/15/09 17:09:01 07/16/09 17:08:55 krbtgt/EFS.CYBER at EFS.CYBER
> Kerberos 4 ticket cache: /tmp/tkt0
> And this is the output when I try ftp command in client side
> GSSAPI error minor: No principal in keytab matches desired name
> Am I missing something in Application server, KDC or in client?
The above is your problem. Your client thinks your FTP server has a
different name than what the keytab has a principal for. Check the KDC
log to see which principal the client requested and then fix your keytab
and/or DNS and/or /etc/hosts on these systems.
More information about the Kerberos