Generic question regarding service principal required to access a kerberized ftp server
Greg Hudson
ghudson at MIT.EDU
Sat Apr 10 11:02:17 EDT 2010
On Sat, 2010-04-10 at 05:28 -0400, Elia Pinto wrote:
> I can get a TGS ftp /<KDC MVS hostname>@< KDC MVS REALMS> but it seems
> that the client also requests a TGS host /<KDC MVS hostname>@< KDC MVS
> REALMS> but this one is not defined on the KDC MVS and so the ftp
> client logon fail.
The ftp client tries to authenticate to ftp/hostname, then falls back to
host/hostname if that fails. So, no, you don't need a host/hostname
service, but you do have to figure out why the initial authentication is
failing.
More information about the Kerberos
mailing list