[32322] in Kerberos
error message after kdestroy
daemon@ATHENA.MIT.EDU (Yang Li)
Wed May 12 10:19:55 2010
Message-ID: <BLU133-DS2FA33E726AE100D8ED7D1CEFB0@phx.gbl>
From: "Yang Li" <sharepointlink@hotmail.com>
To: <kerberos@mit.edu>
In-Reply-To: <AANLkTil404g7-OyuHZgcrfToD_3cnStB6KqqrS1wUHWX@mail.gmail.com>
Date: Wed, 12 May 2010 10:19:38 -0400
MIME-Version: 1.0
Content-Language: en-us
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
after kdestroy command, i get the following error message on any other
commands such as klist or kinit. Any idea?
No credentials cache found while getting default ccache
Thanks, -Yang
-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf
Of Elia Pinto
Sent: Wednesday, May 12, 2010 9:43 AM
To: Greg Hudson
Cc: kerberos@mit.edu
Subject: Re: Generic question regarding service principal required to access
a kerberized ftp server
2010/4/10 Greg Hudson <ghudson@mit.edu>:
> On Sat, 2010-04-10 at 05:28 -0400, Elia Pinto wrote:
>> I can get a TGS ftp /<KDC MVS hostname>@< KDC MVS REALMS> but it seems
>> that the client also requests a TGS host /<KDC MVS hostname>@< KDC MVS
>> REALMS> but this one is not defined on the KDC MVS and so the ftp
>> client logon fail.
>
> The ftp client tries to authenticate to ftp/hostname, then falls back to
> host/hostname if that fails. So, no, you don't need a host/hostname
> service, but you do have to figure out why the initial authentication is
> failing.
First of all, thanks for the fast replay. It was not easy to find the
problem,
given that from the logs of Z / OS KDC looked like a kerberos problem.
Instead
the true problem was that the Z/OS KDC was using code page IBM-1047
while the FTP server uses the code page IBM-280. And between the two
different code pages, in particular, the hexadecimal representation of
the @ character in IBM-280 matches the character §, and vice versa.
In particular in the ftp server configuration file 'ftp.env' was
defined as the variable:
LC_ALL = It_IT.IBM-280
While in the configuration file kdc 'envar' was defined in the variable:
LANG = En_US.IBM-1047
I have then changed the code page of the IBM ftp to IBM-1047.
And work perfectly.
Thanks again
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
