Wrong principal in request error on gss_accept_sec_context()
Greg Hudson
ghudson at mit.edu
Fri Dec 19 11:24:30 EST 2014
On 12/18/2014 02:02 PM, Xie, Hugh wrote:
> I am getting "Wrong principal in request" error on gss_accept_sec_context() on one host but does not on another. I verified /etc/hosts, both host conform to this format
>
> # Default /etc/hosts file
> 127.0.0.1 localhost.localdomain localhost
> 123.150.123.123 myhost.bankdomain.com myhost
>
> Are there any other causes for this error?
> I am using krb5 1.11.5
Unfortunately several things can cause this error in 1.11. (In 1.13 we
try harder to disambiguate.) Information which might help:
* What do "hostname" and "hostname -f" say on each host?
* What OS are these hosts running?
* What server application are you getting the error from? If it's a
custom application, what name was imported to create the
verifier_cred_handle argument of gss_accept_sec_context?
* Did you recently re-key one of the hosts without retaining the old
keytab? (If so, run kinit again on the client to flush any old service
tickets.)
More information about the Kerberos
mailing list