Wrong principal in request error on gss_accept_sec_context()

Greg Hudson ghudson at mit.edu
Mon Jan 5 17:11:54 EST 2015


On 01/05/2015 04:04 PM, Xie, Hugh wrote:
> Any follow up on this issue? Do you need any more information? Should I turn on debugger to see where this error occurred, if yes I need some pointer which files to set break points.

I'm a bit confused by the information given so far, and I think some of
my questions weren't clear enough.  Let's start over.

For the non-working server only:

1. On the server, run "klist -k" (or "klist -k -t /path/to/keytab" if
the server is using a special keytab location).  What is the output?

2. On the client, run kinit so that you have a fresh credential cache,
then try to connect.  Then run klist.  Other than
krbtgt/COMMON.BANKOFAMERICA.COM at COMMON.BANKOFAMERICA.COM, what service
principal appears in the output?

3. On the client, run "kvno SPRINC", where SPRINC is the answer to
question 2.  What is the output?


More information about the Kerberos mailing list