Wrong principal in request error on gss_accept_sec_context()

Greg Hudson ghudson at mit.edu
Sat Dec 20 15:03:51 EST 2014

On 12/19/2014 01:33 PM, Xie, Hugh wrote:
> We are using the same account on both hosts the Principal in the keytab is "myacct at COMMON.BANKOFAMERICA.COM"

> The service ticket on the clients has the principal of:
> HTTP/host1.bankofamerica.com @ COMMON.BANKOFAMERICA.COM
> HTTP/host2.site123.baml.com @ COMMON.BANKOFAMERICA.COM

I guess this is an Active Directory KDC, and you are using a single
computer account for both hosts?  (That's not the usual recommended
practice, but I assume you have a reason for it.)  How did you create
the keytabs for the hosts?

More information about the Kerberos mailing list