Wrong principal in request error on gss_accept_sec_context()

Greg Hudson ghudson at mit.edu
Fri Dec 19 11:24:30 EST 2014

On 12/18/2014 02:02 PM, Xie, Hugh wrote:
> I am getting "Wrong principal in request" error on gss_accept_sec_context() on one host but does not on another. I verified /etc/hosts, both host conform to this format
> # Default /etc/hosts file
>       localhost.localdomain localhost
>  myhost.bankdomain.com myhost
> Are there any other causes for this error?
> I am using krb5 1.11.5

Unfortunately several things can cause this error in 1.11.  (In 1.13 we
try harder to disambiguate.)  Information which might help:

* What do "hostname" and "hostname -f" say on each host?

* What OS are these hosts running?

* What server application are you getting the error from?  If it's a
custom application, what name was imported to create the
verifier_cred_handle argument of gss_accept_sec_context?

* Did you recently re-key one of the hosts without retaining the old
keytab?  (If so, run kinit again on the client to flush any old service

More information about the Kerberos mailing list