Wrong principal in request error on gss_accept_sec_context()
Xie, Hugh
hugh.xie at bankofamerica.com
Thu Jan 15 10:38:25 EST 2015
Kvno returns 15. I created a new entry HTTP/host2.site123.baml.com @ COMMON.BANKOFAMERICA.COM in keytab with kvno = 15. I still get the same "wrong principal error".
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of Xie, Hugh
Sent: Monday, January 05, 2015 9:37 PM
To: Greg Hudson; '<kerberos at mit.edu>'
Subject: RE: Wrong principal in request error on gss_accept_sec_context()
1. /efs/dist/kerberos/mit/1.11.5/exec/bin/klist -k -t $KRB5_KTNAME
Keytab name: FILE: /tmp/myacct.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
2 12/17/2014 15:30:08 myacct at COMMON.BANKOFAMERICA.COM
2. This is the Windows client output recorded at the time:
Cached Tickets: (2)
#0> Client: winlogin @ COMMON.BANKOFAMERICA.COM
Server: krbtgt/COMMON.BANKOFAMERICA.COM @ COMMON.BANKOFAMERICA.COM
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authen
Start Time: 12/18/2014 13:13:36 (local)
End Time: 12/18/2014 22:13:36 (local)
Renew Time: 12/28/2014 13:13:36 (local)
Session Key Type: RSADSI RC4-HMAC(NT)
#1> Client: winlogin @ COMMON.BANKOFAMERICA.COM
Server: HTTP/host2.site123.baml.com @ COMMON.BANKOFAMERICA.COM
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
Ticket Flags 0x40a00000 -> forwardable renewable pre_authent
Start Time: 12/18/2014 13:13:36 (local)
End Time: 12/18/2014 21:33:36 (local)
Renew Time: 12/28/2014 13:13:36 (local)
Session Key Type: RSADSI RC4-HMAC(NT)
3. What is the equivalent command on Windows?
-----Original Message-----
From: Greg Hudson [mailto:ghudson at mit.edu]
Sent: Monday, January 05, 2015 5:12 PM
To: Xie, Hugh; '<kerberos at mit.edu>'
Subject: Re: Wrong principal in request error on gss_accept_sec_context()
On 01/05/2015 04:04 PM, Xie, Hugh wrote:
> Any follow up on this issue? Do you need any more information? Should I turn on the debugger to see where this error occurred? If yes, I need some pointers on which files to set breakpoints in.
I'm a bit confused by the information given so far, and I think some of my questions weren't clear enough. Let's start over.
For the non-working server only:
1. On the server, run "klist -k" (or "klist -k -t /path/to/keytab" if the server is using a special keytab location). What is the output?
2. On the client, run kinit so that you have a fresh credential cache, then try to connect. Then run klist. Other than krbtgt/COMMON.BANKOFAMERICA.COM at COMMON.BANKOFAMERICA.COM, what service principal appears in the output?
3. On the client, run "kvno SPRINC", where SPRINC is the answer to question 2. What is the output?
----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
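The comparison that the three questions in the thread set up, as an added example that is not part of the original messages: check whether the keytab listing holds an entry under the service principal, and with the key version, that the client's ticket carries. The sample listing is constructed from the output quoted above with "@" restored, and the function names are illustrative.

```python
import re

# Constructed sample in the shape of the `klist -k -t` output quoted in the thread,
# with "@" written where the list archive shows " at ".
KLIST_K_OUTPUT = """\
Keytab name: FILE:/tmp/myacct.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 12/17/2014 15:30:08 myacct@COMMON.BANKOFAMERICA.COM
"""


def normalize(principal):
    """Windows klist prints 'name @ REALM'; drop the spaces around '@'."""
    return re.sub(r"\s*@\s*", "@", principal.strip())


def parse_keytab_listing(text):
    """Return (kvno, principal) pairs from `klist -k` or `klist -k -t` output."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Entry lines start with a numeric KVNO; header and ruler lines do not.
        if len(fields) < 2 or not fields[0].isdigit():
            continue
        principal = next((f for f in fields[1:] if "@" in f), None)
        if principal:
            entries.append((int(fields[0]), principal))
    return entries


def check_service_principal(keytab_text, ticket_sprinc, ticket_kvno):
    """Compare the client's service ticket (questions 2 and 3) with the keytab (question 1)."""
    wanted = normalize(ticket_sprinc)
    kvnos = [k for k, p in parse_keytab_listing(keytab_text) if p == wanted]
    if not kvnos:
        return "principal-missing"   # no keytab entry under the ticket's service name
    if ticket_kvno not in kvnos:
        return "kvno-mismatch"       # entry exists, but for a different key version
    return "match"


if __name__ == "__main__":
    sprinc = "HTTP/host2.site123.baml.com @ COMMON.BANKOFAMERICA.COM"
    print(check_service_principal(KLIST_K_OUTPUT, sprinc, 15))
```

A "match" result only rules out a name or key-version difference between ticket and keytab; it does not by itself explain an error that persists afterwards.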