Wallet/remctld: Wrong principal in request

Russ Allbery rra at stanford.edu
Fri Oct 26 21:41:41 EDT 2012


Andreas Ntaflos <daff at pseudoterminal.org> writes:

> But doing simple wallet test runs, like these

> daff at auth01 $ wallet -u daff get keytab test
> daff at auth01 $ wallet -u daff/admin get keytab test
> daff at other01 $ wallet -u daff get keytab test
> daff at other01 $ wallet -u daff/admin get keytab test

> all make remctld complain about a wrong principal in request, like this:

> remctld[29898]: connect from 10.1.7.41 (10.1.7.41)
> remctld[29898]: GSS-API error while accepting context: Unspecified GSS
> failure.  Minor code may provide more information, Wrong principal in
> request
> ...
> remctld[29047]: connect from 10.1.7.11 (10.1.7.11)
> remctld[29047]: GSS-API error while accepting context: Unspecified GSS
> failure.  Minor code may provide more information, Wrong principal in
> request

When you do a klist after you run wallet, what principal shows up in your
local ticket cache?  It's not the same principal as is in /etc/krb5.keytab
on the remote system.

Usually this means that there's something wrong with your DNS resolution.
Something isn't matching somewhere.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list