Wrong principal in request error on gss_accept_sec_context()

Greg Hudson ghudson at mit.edu
Thu Jan 15 23:49:20 EST 2015

On 01/15/2015 05:18 PM, Xie, Hugh wrote:
> I upgrade the version of krb5 lib to version 1.13. Got more specific error:
> Request ticket server HTTP/ host2.site123.baml.com at COMMON.BANKOFAMERICA.COM kvno 15 enctype rc4-hmac found in keytab but cannot decrypt ticket
> Any idea?

Whatever procedure you are using to generate the keytab entry is not
generating the same key as the one present on the KDC.

I am not personally very familiar with creating keytabs for use with
Active Directory KDCs, but I know a lot of people use msktutil for that
purpose, rather than ktutil.

More information about the Kerberos mailing list