"Negative cache rejected lookup for" host/princ when using GSSAPI + ssh on Mac OS X 10.6

Jonathan Simms slyphon at gmail.com
Wed Sep 22 21:43:28 EDT 2010


I found only one reference to the string "Negative cache rejected
lookup for" searching google for information, so I figured I'd ask
here. I'm connecting from a Mac OS X 10.6 box to a Debian 5 install. I
am kinited on osx, and try to ssh to to the debian box, i get the
following error message in the debug output:

debug1: Unspecified GSS failure.  Minor code may provide more information
Negative cache rejected lookup for 'host/$FQDN@$REALM'

debug1: Unspecified GSS failure.  Minor code may provide more information
Server not found in Kerberos database

debug1: Unspecified GSS failure.  Minor code may provide more information


When I ssh to another box and kinit there, then ssh over to the same
host, it does the GSS exchange fine, forwards my credentials, and i
see the host's ticket when i do klist.

Any clue what this negative cache is on OS-X and how to clear it? The
only reference I found was
http://eyck.forumakad.pl/~eyck/log/Tips/Kerberos.Negative.Cache.Rejected.Lookup.html
and I'd rather not reboot my box if i can help it :)

-- Jonathan



More information about the Kerberos mailing list