Wallet/remctld: Wrong principal in request
Russ Allbery
rra at stanford.edu
Fri Oct 26 21:41:41 EDT 2012
Andreas Ntaflos <daff at pseudoterminal.org> writes:
> But doing simple wallet test runs, like these
> daff at auth01 $ wallet -u daff get keytab test
> daff at auth01 $ wallet -u daff/admin get keytab test
> daff at other01 $ wallet -u daff get keytab test
> daff at other01 $ wallet -u daff/admin get keytab test
> all make remctld complain about a wrong principal in request, like this:
> remctld[29898]: connect from 10.1.7.41 (10.1.7.41)
> remctld[29898]: GSS-API error while accepting context: Unspecified GSS
> failure. Minor code may provide more information, Wrong principal in
> request
> ...
> remctld[29047]: connect from 10.1.7.11 (10.1.7.11)
> remctld[29047]: GSS-API error while accepting context: Unspecified GSS
> failure. Minor code may provide more information, Wrong principal in
> request
When you do a klist after you run wallet, what principal shows up in your
local ticket cache? It's not the same principal as is in /etc/krb5.keytab
on the remote system.
Usually this means that there's something wrong with your DNS resolution.
Something isn't matching somewhere.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list