GSS_C_NO_NAME for desired_name?

Russ Allbery rra at
Sat Jan 1 13:08:55 EST 2011

Brian Candler <B.Candler at> writes:

> So if I understand it right, there isn't a problem with allowing a service
> to decrypt a ticket using any key in the keytab.  The problem is putting
> multiple service principals' keys in the same keytab in the first place.

> Does that make sense?

Yeah, that's the general consensus of most of us who run Kerberos, which
is the reason why people generally don't worry very much about software
accepting any key in the keytab.

Russ Allbery (rra at             <>

More information about the Kerberos mailing list