Problem in gss-server

Sankar Das sankar_das at yahoo.com
Mon Sep 3 09:58:01 EDT 2012


Hi Greg,
 
I have tried adding "rdns=false" to the krb5.conf file, but I am still getting the same error while running the server. Is there anything else that I should look into?
 
Thanks
Sankar


--- On Thu, 8/30/12, Greg Hudson <ghudson at MIT.EDU> wrote:


From: Greg Hudson <ghudson at MIT.EDU>
Subject: Re: Problem in gss-server
To: "Sankar Das" <sankar_das at yahoo.com>
Cc: krbdev at mit.edu
Date: Thursday, August 30, 2012, 9:09 PM


On 08/30/2012 10:51 AM, Sankar Das wrote:
> GSS-API error acquiring credentials: Unspecified GSS failure.  Minor code may provide more information
> GSS-API error acquiring credentials: No principal in keytab matches desired name
[...]
> I have tried giving different combination of "service_name" but nothing works. Can somebody tell me what I am missing?

You need the following three things to match:

* The canonicalization of the service hostname on the client
* The canonicalization of the service hostname on the server
* The principal in the keytab

Canonicalization of a hostname is done through forward name resolution
(getaddrinfo) and then reverse name resolution (getaddrinfo).  The
second part can sometimes be disabled by setting rdns = false in
[libdefaults] in krb5.conf--only sometimes, because getaddrinfo on Linux
may perform a reverse lookup to get the canonical name depending on how
it's invoked.

On the client side, the above canonicalization steps normally happen
through DNS.  On the server side, they usually go through /etc/hosts
instead.  Be sure to check any IPv6 entries you might have in /etc/hosts
as well as IPv4 entries, as they can sometimes be used.
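
An added example, not part of the original thread and not MIT krb5's own code: a Python sketch of the forward-then-reverse canonicalization described above, used to build the principal name a host would look for and compare it with the keytab contents. The service name "sample", the realm, the host names and the address are constructed; run the same check on the client and on the server and compare the results with the output of klist -k.

```python
import socket

def _forward(host):
    # Forward lookup; AI_CANONNAME asks the resolver for the canonical name.
    infos = socket.getaddrinfo(host, None, flags=socket.AI_CANONNAME)
    return infos[0][3] or host, infos[0][4]      # (canonical name, sockaddr)

def _reverse(sockaddr):
    # Reverse lookup; NI_NAMEREQD raises instead of returning a numeric address.
    return socket.getnameinfo(sockaddr, socket.NI_NAMEREQD)[0]

def canonicalize(host, rdns=True, forward=_forward, reverse=_reverse):
    """Approximate the canonicalization steps described in the message above."""
    canon, sockaddr = forward(host)
    if rdns:
        try:
            canon = reverse(sockaddr)
        except OSError:
            pass                                 # no reverse entry: keep forward name
    return canon.rstrip(".").lower()

def match_keytab(service, host, realm, keytab_principals, **resolver_opts):
    """Return (principal this host would ask for, whether the keytab holds it)."""
    wanted = f"{service}/{canonicalize(host, **resolver_opts)}@{realm}"
    return wanted, wanted in keytab_principals

if __name__ == "__main__":
    # Constructed data: the keytab holds the fully qualified name, while the
    # server's /etc/hosts (simulated here) maps its address back to a short name.
    keytab = {"sample/server.example.com@EXAMPLE.COM"}
    dns_forward = lambda h: ("server.example.com", ("192.0.2.10", 0))
    hosts_reverse = lambda sa: "server"
    for label, opts in [
        ("reverse lookup on ", dict(forward=dns_forward, reverse=hosts_reverse)),
        ("reverse lookup off", dict(forward=dns_forward, rdns=False)),
    ]:
        wanted, ok = match_keytab("sample", "server", "EXAMPLE.COM", keytab, **opts)
        print(f"{label}: {wanted} -> {'in keytab' if ok else 'NOT in keytab'}")
    # With no resolver overrides, canonicalize(socket.gethostname()) shows what
    # the local resolver configuration actually produces on this machine.
```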


