ssh gssapi-with-mic and "Key table entry not found"
Greg Hudson
ghudson at MIT.EDU
Wed Aug 8 12:48:28 EDT 2012
On 08/08/2012 12:33 PM, Greg Hudson wrote:
> If the server is running krb5 1.7 or later, this kind of problem should
> result in a "Wrong principal in request" error in the sshd output (which
> is still not very clear, but at least helps distinguish the problem from
> sshd trying to acquire the wrong credentials). If the server is running
> krb5 1.6.x (as in your case), the error will be "Key able entry not found".
Apologies; I made a mistake when reading the 1.6.x code. In krb5 1.6.x,
the error in this situation will be "Key version number for principal in
key table is incorrect", which is pretty clear. So perhaps your
problems yesterday were not the result of key version mismatches, since
you were getting "Key table entry not found" errors.
(I was right about what the error will be in 1.7.x or later. This is a
regression, and I'll open a bug about it. But that problem is not
germane to your situation.)
More information about the Kerberos
mailing list