1. /efs/dist/kerberos/mit/1.11.5/exec/bin/klist -k -t $KRB5_KTNAME
Keytab name: FILE: /tmp/myacct.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
2 12/17/2014 15:30:08 [email protected]
2. This is window client output recorded at the time:
Cached Tickets: (2)
#0> Client: winlogin @ COMMON.BANKOFAMERICA.COM
Server: krbtgt/COMMON.BANKOFAMERICA.COM @ COMMON.BANKOFAMERICA.COM
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authen
Start Time: 12/18/2014 13:13:36 (local)
End Time: 12/18/2014 22:13:36 (local)
Renew Time: 12/28/2014 13:13:36 (local)
Session Key Type: RSADSI RC4-HMAC(NT)
#1> Client: winlogin @ COMMON.BANKOFAMERICA.COM
Server: HTTP/host2.site123.baml.com @ COMMON.BANKOFAMERICA.COM
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
Ticket Flags 0x40a00000 -> forwardable renewable pre_authent
Start Time: 12/18/2014 13:13:36 (local)
End Time: 12/18/2014 21:33:36 (local)
Renew Time: 12/28/2014 13:13:36 (local)
Session Key Type: RSADSI RC4-HMAC(NT)
3. What is the window equivalent command on windows?
-----Original Message-----
From: Greg Hudson [mailto:[email protected]]
Sent: Monday, January 05, 2015 5:12 PM
To: Xie, Hugh; '<[email protected]>'
Subject: Re: Wrong principal in request error on gss_accept_sec_context()
On 01/05/2015 04:04 PM, Xie, Hugh wrote:
> Any follow up on this issue? Do you need any more information? Should I turn
> on debugger to see where this error occurred, if yes I need some pointer
> which files to set break points.
I'm a bit confused by the information given so far, and I think some of my
questions weren't clear enough. Let's start over.
For the non-working server only:
1. On the server, run "klist -k" (or "klist -k -t /path/to/keytab" if the
server is using a special keytab location). What is the output?
2. On the client, run kinit so that you have a fresh credential cache, then try
to connect. Then run klist. Other than
krbtgt/[email protected], what service
principal appears in the output?
3. On the client, run "kvno SPRINC", where SPRINC is the answer to question 2.
What is the output?
----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may
contain information that is privileged, confidential and/or proprietary and
subject to important terms and conditions available at
http://www.bankofamerica.com/emaildisclaimer. If you are not the intended
recipient, please delete this message.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
