[31853] in Kerberos
Re: Wrong principal in request
daemon@ATHENA.MIT.EDU (Jeff Blaine)
Mon Jan 4 15:30:07 2010
Message-ID: <4B424FC3.30504@kickflop.net>
Date: Mon, 04 Jan 2010 15:29:55 -0500
From: Jeff Blaine <jblaine@kickflop.net>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <4B3B9CEA.6000904@kickflop.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>> Server: CentOS 5.3, MIT Kerberos 1.6.x, Russ Alberry's pam_krb5
>
>> Failure: Aside from GSSAPI not being used...
>
>> sshd[12234]: pam_krb5RA(sshd:auth): pam_sm_authenticate: entry (0x1)
>> sshd[12234]: pam_krb5RA(sshd:auth): (user jblaine) attempting
>> authentication as jblaine at FOO
>> sshd[12234]: pam_krb5RA(sshd:auth): (user jblaine) credential
>> verification failed: Wrong principal in request
>
> Usually this means the principal in the system keytab for your system
> doesn't agree with the hostname or DNS name of the system.
>
Thanks Russ.
* Is there any way to see what principal is expected to be in
the keytab? I've already added host/mega and host/192.168.1.6
to the keytab...
* This is all in a private non-routed testbed network with no
DNS resolution configured. Am I fighting an unwinnable battle
with a testbed like this? I don't want to depend on DNS at
all, and /etc/nsswitch.conf's are configured as such.
Jeff
[ finally subscribed in non-digest mode so he can reply properly ]
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
