[krbdev.mit.edu #8631] Improve error message for GSS service ticket mismatch

Greg Hudson via RT rt-comment at KRBDEV-PROD-APP-1.mit.edu
Sat Jan 13 11:57:49 EST 2018


If you do "kinit -S servicename" and then contact that server principal 
using GSSAPI, it works, assuming you used the correct service name.

If you use the wrong service name, you get the error message "Matching 
credential not found" (and the ccache filename, after ticket 8052).  
This message is unclear, firstly because it talks about an 
implementation concern (finding a ticket that matches criteria chosen 
by krb5_get_credential()) and secondly because it doesn't provide 
enough parameters--most importantly for this use case, what service 
principal we were looking for.


