[14539] in Kerberos
Re: Need help with GSS-Sample for K5
daemon@ATHENA.MIT.EDU (Donn Cave)
Tue Jun 5 18:47:53 2001
From: Donn Cave <donn@u.washington.edu>
Date: 5 Jun 2001 21:37:43 GMT
Message-ID: <9fjjf7$9c8$1@nntp6.u.washington.edu>
To: kerberos@MIT.EDU
Quoth Matt Crawford <crawdad@fnal.gov>:
| "Krassimir Boyanov (Anaheim)" wrote:
|> The GSS-Server is giving error message:
|> GSS-API error accepting context: Miscellaneous failure
|> GSS-API error accepting context: Wrong principal in request
|
| I find this happening when the client and the server don't get
| the same answer when they map the server's fqdn to a realm.
In one common variation on this problem, the client is getting two
different answers when it looks up the server host name in DNS.
One lookup is in gss_import_name (calling krb5_sname_to_principal),
the other is in the process of making the network connection. The
most conspicuous example is MIT's own GSS ftp client. Will only
happen if the server's DNS address periodically changes because of
something like DNS-based load balancing.
Donn Cave, donn@u.washington.edu
