[14440] in Kerberos
GSSAPI error major: Miscellaneous failure
daemon@ATHENA.MIT.EDU (Anil Maipady)
Fri May 11 10:09:22 2001
Message-ID: <3AFBF0B8.9F668B5F@home.com>
From: Anil Maipady <anilmaipady@home.com>
Date: Fri, 11 May 2001 14:02:20 GMT
To: kerberos@MIT.EDU
Hello,
I was trying to configure MIT version 5-1.2.2. I could get krb5kdc and
kadmind working. I was able to get initial tickets using kinit. But when
I was trying to run ftp I got the following error:
GSSAPI accepted as authentication type
GSSAPI error major: Miscellaneous failure
GSSAPI error minor: No such file or directory
GSSAPI error: acquiring credentials
GSSAPI ADAT failed
GSSAPI authentication failed
KERBEROS_V4 accepted as authentication type
My krb5.conf file
----------------------------------------------------------------------
[libdefaults]
default_realm = XYZ.WAN
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
[realms]
XYZ.WAN = {
kdc = myhost.xyz.wan:88
admin_server = myhost.xyz.wan:749
default_domain = xyz.wan
}
[domain_realm]
.xyz.wan = XYZ.WAN
xyz.wan = XYZ.WAN
myhost.xyz.wan = XYZ.WAN
[kdc]
profile = /usr/local/mit/var/krb5kdc/kdc.conf
[logging]
kdc = FILE:/usr/local/mit/var/krb5kdc/kdc.log
admin_server = FILE:/usr/local/mit/var/krb5kdc/kadmin.log
My kdc.conf file
------------------------------------------------------------------------
[kdcdefaults]
kdc_ports = 749,88
[realms]
XYZ.WAN = {
profile = /etc/krb5.conf
database_name = /usr/local/mit/var/krb5kdc/principal
admin_database_name = /usr/local/mit/var/krb5kdc/principal.kadmin5
admin_database_lockfile = /usr/local/mit/var/krb5kdc/principal.kadm5.lock
key_stash_file = /usr/local/mit/var/krb5kdc/.k5.XYZ.WAN
admin_keytab = /usr/local/mit/var/krb5kdc/kadm5.keytab
acl_file = /usr/local/mit/var/krb5kdc/kadm5.acl
kdc_ports = 749,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des-cbc-crc
supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
}
Klist before running ftp
--------------------------------------------------------------------
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root/admin@XYZ.WAN
Valid starting Expires Service principal
05/09/01 15:26:36 05/10/01 01:26:36 krbtgt/XYZ.WAN@XYZ.WAN
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
My /etc/hosts file
----------------------------------------------------------------------
#
# Internet host table
#
127.0.0.1 localhost
10.10.5.24 myhost.xyz.wan loghost
Output of list_principals in kadmin:
------------------------------------------------------------------------
kadmin: list_principals
K/M@XYZ.WAN
ftp/myhost.xyz.wan@XYZ.WAN
ftp/myhost@XYZ.WAN
host/myhost.xyz.wan@XYZ.WAN
kadmin/admin@XYZ.WAN
kadmin/changepw@XYZ.WAN
kadmin/history@XYZ.WAN
krbtgt/XYZ.WAN@XYZ.WAN
root/admin@XYZ.WAN
root@XYZ.WAN
sample/myhost.xyz.wan@XYZ.WAN
sserver/myhost.xyz.wan@XYZ.WAN
telnet/myhost.xyz.wan@XYZ.WAN
# ftp myhost.xyz.wan
Connected to myhost.xyz.wan.
220 myhost FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: Miscellaneous failure
GSSAPI error minor: No such file or directory
GSSAPI error: acquiring credentials
GSSAPI ADAT failed
GSSAPI authentication failed
KERBEROS_V4 accepted as authentication type
Kerberos V4 krb_mk_req failed: You have no tickets cached
Name (myhost.xyz.wan:root):
After running ftp.
-------------------------------------------------------------------------
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root/admin@XYZ.WAN
Valid starting Expires Service principal
05/09/01 15:26:36 05/10/01 01:26:36 krbtgt/XYZ.WAN@XYZ.WAN
05/09/01 15:27:39 05/10/01 01:26:36 ftp/myhost.xyz.wan@XYZ.WAN
05/09/01 15:27:39 05/10/01 01:26:36 host/myhost.xyz.wan@XYZ.WAN
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
The kdc.log file:
---------------------------------------------------------
May 09 15:27:39 myhost krb5kdc[3918](info): TGS_REQ 10.10.5.24(88): ISSUE: authtime 989447196, root/admin@XYZ.WAN for host/myhost.xyz.wan@XYZ.WAN
May 09 15:27:39 myhost krb5kdc[3918](info): TGS_REQ 10.10.5.24(88): BAD_ENCRYPTION_TYPE: authtime 989447196, root/admin@XYZ.WAN for host/myhost.xyz.wan@XYZ.WAN, KDC has no support for encryption type
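
An added example, not part of the original post or of MIT Kerberos: a small triage parser for kdc.log entries in the layout quoted above, which rejoins entries folded across lines by a mail client and lists the service principals whose TGS requests were refused. The function names and the embedded sample are assumptions made for this illustration; other krb5kdc versions log additional fields that this pattern does not cover.

```python
import re
from collections import defaultdict

# Constructed sample: the two kdc.log entries from the post, folded across
# lines the way a mail client wraps long lines.
SAMPLE_LOG = """\
May 09 15:27:39 myhost krb5kdc[3918](info): TGS_REQ 10.10.5.24(88):
ISSUE:
authtime 989447196, root/admin@XYZ.WAN for host/myhost.xyz.wan@XYZ.WAN
May 09 15:27:39 myhost krb5kdc[3918](info): TGS_REQ 10.10.5.24(88):
BAD_ENCRYPTION_TYPE: authtime 989447196, root/admin@XYZ.WAN for
host/myhost.xyz.wan@XYZ.WAN, KDC has no support for encryption type
"""

# A new entry starts with "Mon DD HH:MM:SS host krb5kdc[pid]".
ENTRY_START = re.compile(r"^[A-Z][a-z]{2} \d{2} [\d:]{8} \S+ krb5kdc\[\d+\]")
ENTRY = re.compile(
    r"^(?P<ts>\w{3} \d{2} [\d:]{8}) \S+ krb5kdc\[\d+\]\(\w+\): "
    r"(?P<req>AS_REQ|TGS_REQ) (?P<addr>[\d.]+)\(\d+\): "
    r"(?P<status>[A-Z_]+): authtime \d+, "
    r"(?P<client>\S+) for (?P<service>[^\s,]+)(?:, (?P<reason>.*))?$"
)

def unwrap(text):
    """Join folded continuation lines back onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def parse(text):
    """Return one dict per recognised AS_REQ/TGS_REQ entry."""
    return [m.groupdict() for m in map(ENTRY.match, unwrap(text)) if m]

def failures_by_service(records):
    """Group every non-ISSUE outcome under the requested service principal."""
    out = defaultdict(list)
    for r in records:
        if r["status"] != "ISSUE":
            out[r["service"]].append((r["ts"], r["client"], r["status"], r["reason"]))
    return dict(out)
```

On the sample, the same `host/myhost.xyz.wan@XYZ.WAN` request appears once as `ISSUE` and once as `BAD_ENCRYPTION_TYPE` within the same second, which is the pair of entries shown in the log above.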