GetErrorLongString for error 20071

Jim Matthews matthews at fetchsoftworks.com
Wed Apr 24 12:27:01 EDT 2002 

At 11:37 AM -0400 4/24/02, Miro Jurisic wrote:
>>>#define         AD_NOTGT   71	/* Don't have tgt */
>>>Also, is there some obvious reason why a user would get that error code?
>
>Usually you get this when you are incorrectly trying v4 cross-realm 
>authentication, which usually means that the default realm in 
>libdefaults is incorrect

Thanks, both of you.  The user is at Yale, and it looks like he's 
only got one realm configured.  I have another report of problems 
with KClient FTP to www.yale.edu, from Peter Furmonavicius, but in 
that case he's getting a server error message rather than a KClient 
error.  In case anything rings a bell, here's what the user getting 
the 20071 error has sent me.  I wonder what server this is....

User's report:

As suggested, I've tried Fetch 4.0.2b1. It reports "Unknown 
Error20071" (spacing as shown). Any further ideas or suggestions?

Here's the Transcript Window:
------------------------------------
Fetch 4.0.2b1 System 0x1014 Serial FETCHED001-12KB-0W54 TEST
Connecting to www.yale.edu port 21 (4/23/02 9:47:00 PM)
220 Pantheon *** Kerberos-only *** FTP server (Version 6.00+krb4-1.0.2) ready.
ADAT
503 You must issue an AUTH first.
AUTH KERBEROS_V4
334 Send authorization data.
sec_krbv4_get_auth_data() krbv4_service_name = ftp.elsinore
sec_krbv4_get_auth_data() krbv4_service_name = rcmd.elsinore
--------------------------------
It appears that Fetch has obtained valid Kerberos tickets. The window 
in the Kerberos application shows tickets for both v4 and v5.

For what it's worth, here is the Kerberos config file (which may not 
be correct, I suppose):
----------------------------------------
domain_realm]
.yale.edu = NET.YALE.EDU
.net.yale.edu = NET.YALE.EDU
.its.yale.edu = NET.YALE.EDU
.cis.yale.edu = NET.YALE.EDU
.ycc.yale.edu = NET.YALE.EDU

[libdefaults]
default_realm = NET.YALE.EDU
ticket_lifetime = 600
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc

[realms]
NET.YALE.EDU = {
kdc = kserv1.net.yale.edu:750
kdc = kserv2.net.yale.edu:750
kdc = kserv3.net.yale.edu:750
}
[v4 realms]
NET.YALE.EDU = {
kdc = kserv1.net.yale.edu:750
kdc = kserv2.net.yale.edu:750
kdc = kserv3.net.yale.edu:750
}
[v4 domain_realm]
.yale.edu = NET.YALE.EDU
.net.yale.edu = NET.YALE.EDU
.its.yale.edu = NET.YALE.EDU
.cis.yale.edu = NET.YALE.EDU
.ycc.yale.edu = NET.YALE.EDU
-------------------------------------

Thanks,
-- 
Jim Matthews
Fetch Softworks
http://fetchsoftworks.com

More information about the krbdev mailing list