[36708] in Kerberos
RE: Wrong principal in request error on gss_accept_sec_context()
daemon@ATHENA.MIT.EDU (Xie, Hugh)
Mon Jan 5 16:04:32 2015
Date: Mon, 05 Jan 2015 21:04:02 +0000
From: "Xie, Hugh" <hugh.xie@bankofamerica.com>
In-reply-to: <7E270C3427928E499F189C5636C52CDC45C6F78A@smtp_mail.bankofamerica.com>
To: "'Greg Hudson'" <ghudson@mit.edu>,
"'<kerberos@mit.edu>'" <Kerberos@mit.edu>
Message-id: <7E270C3427928E499F189C5636C52CDC45C76C24@smtp_mail.bankofamerica.com>
MIME-version: 1.0
Content-language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Any follow up on this issue? Do you need any more information? Should I turn on debugger to see where this error occurred, if yes I need some pointer which files to set break points.
Thanks.
-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Xie, Hugh
Sent: Saturday, December 20, 2014 9:29 PM
To: 'Greg Hudson'; '<kerberos@mit.edu>'
Subject: RE: Wrong principal in request error on gss_accept_sec_context()
No it is different computer accounts. Keytab is created using ktutil.
-----Original Message-----
From: Greg Hudson [ghudson@mit.edu<mailto:ghudson@mit.edu>]
Sent: Saturday, December 20, 2014 03:03 PM Eastern Standard Time
To: Xie, Hugh;
Subject: Re: Wrong principal in request error on gss_accept_sec_context()
On 12/19/2014 01:33 PM, Xie, Hugh wrote:
> We are using the same account on both hosts the Principal in the keytab is "myacct@COMMON.BANKOFAMERICA.COM"
> The service ticket on the clients has the principal of:
> HTTP/host1.bankofamerica.com @ COMMON.BANKOFAMERICA.COM
> HTTP/host2.site123.baml.com @ COMMON.BANKOFAMERICA.COM
I guess this is an Active Directory KDC, and you are using a single computer account for both hosts? (That's not the usual recommended practice, but I assume you have a reason for it.) How did you create the keytabs for the hosts?
----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
