[36721] in Kerberos
Re: Wrong principal in request error on gss_accept_sec_context()
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jan 15 23:49:40 2015
Message-ID: <54B89850.4020002@mit.edu>
Date: Thu, 15 Jan 2015 23:49:20 -0500
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: "Xie, Hugh" <hugh.xie@bankofamerica.com>,
"'<kerberos@mit.edu>'" <Kerberos@mit.edu>
In-Reply-To: <7E270C3427928E499F189C5636C52CDC45C8A720@smtp_mail.bankofamerica.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 01/15/2015 05:18 PM, Xie, Hugh wrote:
> I upgrade the version of krb5 lib to version 1.13. Got more specific error:
> Request ticket server HTTP/ host2.site123.baml.com@COMMON.BANKOFAMERICA.COM kvno 15 enctype rc4-hmac found in keytab but cannot decrypt ticket
>
> Any idea?
Whatever procedure you are using to generate the keytab entry is not
generating the same key as the one present on the KDC.
I am not personally very familiar with creating keytabs for use with
Active Directory KDCs, but I know a lot of people use msktutil for that
purpose, rather than ktutil.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
