Wrong principal in request error on gss_accept_sec_context()

Xie, Hugh hugh.xie at bankofamerica.com
Sat Dec 20 21:28:33 EST 2014

No it is different computer accounts. Keytab is created using ktutil.

-----Original Message-----
From: Greg Hudson [ghudson at mit.edu<mailto:ghudson at mit.edu>]
Sent: Saturday, December 20, 2014 03:03 PM Eastern Standard Time
To: Xie, Hugh;
Subject: Re: Wrong principal in request error on gss_accept_sec_context()

On 12/19/2014 01:33 PM, Xie, Hugh wrote:
> We are using the same account on both hosts the Principal in the keytab is "myacct at COMMON.BANKOFAMERICA.COM"

> The service ticket on the clients has the principal of:
> HTTP/host1.bankofamerica.com @ COMMON.BANKOFAMERICA.COM
> HTTP/host2.site123.baml.com @ COMMON.BANKOFAMERICA.COM

I guess this is an Active Directory KDC, and you are using a single
computer account for both hosts?  (That's not the usual recommended
practice, but I assume you have a reason for it.)  How did you create
the keytabs for the hosts?

This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended recipient, please delete this message.

More information about the Kerberos mailing list