[19533] in Kerberos
Re: kerberos ftpd bug? can't get it to work!
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Wed Jul 9 17:01:27 2003
Message-ID: <3F0C77C2.200369B8@anl.gov>
Date: Wed, 09 Jul 2003 15:14:58 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: root <jpalma78@hotmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
You are trying to hid your identity so well that one has troubles telling
what is your real problem.
It looks like the host is emssyb1.toplfo.fpl.com But I don't see this in DNS.
What is is really,and what names are really in the keytab?
root wrote:
>
> Does anyone know how to get ftp working on Kerberos V5. I can connect
> to the ftp server but I fail to authenticate. I keep getting an error
> message that "No principal in keytab matches desired name". But my
> keytab file appears correct. In fact, telnet and rsh are working.
> The only thing that doesn't work is ftp. I have tried removing the
> ftp entry from my keytab file (supposedly some versions of kerberos
> will not work with ftp/host; only host/host) and I connect using the
> FQDN (also heard ftp is qwerky about FQDNs) but I get exactly the same
> problems. I have tried everything and poured over all the docs I could
> get my hands on to no avail. I suspect it's something stupid I am
> overlooking or maybe there's some obscure work around. Anyway, my
> boss really wants this implemented and I am stumped. Anyone out there
> got any ideas? ANY HELP WILL BE GREATLY APPRECIATED!
>
> I PASTED THE ERROR AND MY KEYTAB FILE BELOW:
>
> root@psadmn2# /usr/kerberos/krb5-1.2.8/src/appl/gssftp/ftp/ftp
> emssyb1.xx.xx.xx
> Connected to emssyb1.toplfo.fpl.com.
> 220 emssyb1 FTP server (Version 5.60) ready.
> 334 Using authentication type GSSAPI; ADAT must follow
> GSSAPI accepted as authentication type
> GSSAPI error major: Miscellaneous failure
> GSSAPI error minor: No principal in keytab matches desired name
> GSSAPI error: acquiring credentials
> GSSAPI ADAT failed
> GSSAPI authentication failed
>
> emssyb1:/>/usr/kerberos/krb5-1.2.8/src/clients/klist/klist -k
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
> 3 ftp/myhost.domain.com@MYREALM
> 3 ftp/myhost.domain.com@MYREALM
> 3 host/myhost.domain.com@MYREALM
> 3 host/myhost.domain.com@MYREALM
> 3 telnet/myhost.domain.com@MYREALM
> 3 telnet/myhost.domain.com@MYREALM
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
