[36679] in Kerberos
Re: Wrong principal in request error on gss_accept_sec_context()
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Dec 19 11:24:59 2014
Message-ID: <5494513E.8060101@mit.edu>
Date: Fri, 19 Dec 2014 11:24:30 -0500
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: "Xie, Hugh" <hugh.xie@bankofamerica.com>,
"<kerberos@mit.edu>" <Kerberos@mit.edu>
In-Reply-To: <7E270C3427928E499F189C5636C52CDC45C6CF6D@smtp_mail.bankofamerica.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 12/18/2014 02:02 PM, Xie, Hugh wrote:
> I am getting "Wrong principal in request" error on gss_accept_sec_context() on one host but does not on another. I verified /etc/hosts, both host conform to this format
>
> # Default /etc/hosts file
> 127.0.0.1 localhost.localdomain localhost
> 123.150.123.123 myhost.bankdomain.com myhost
>
> Are there any other causes for this error?
> I am using krb5 1.11.5
Unfortunately several things can cause this error in 1.11. (In 1.13 we
try harder to disambiguate.) Information which might help:
* What do "hostname" and "hostname -f" say on each host?
* What OS are these hosts running?
* What server application are you getting the error from? If it's a
custom application, what name was imported to create the
verifier_cred_handle argument of gss_accept_sec_context?
* Did you recently re-key one of the hosts without retaining the old
keytab? (If so, run kinit again on the client to flush any old service
tickets.)
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
