[31295] in Kerberos
Re: ftp client: authentication failed
daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Wed Jul 15 12:03:40 2009
X-Barracuda-Envelope-From: cclausen@acm.org
Message-ID: <098F58BB778747A780F42BA0086603EB@CDCHOME>
From: "Christopher D. Clausen" <cclausen@acm.org>
To: "Lloyd" <lloyd@cdactvm.in>
Date: Wed, 15 Jul 2009 10:58:51 -0500
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Lloyd <lloyd@cdactvm.in> wrote:
> Hi,
> I am new to kerberos and trying to set up in a sample scenario as
> part of learning. I have downloaded and installed Kerberos 5 on a
> Linux system. As per the install guide I have successfully configured
> KDC and Application server. in the application server the "ftpd"
> daemon is also started successfully. Now I dont know how to connect a
> client to the ftpd server.
>
> This is the output of klist in client side
>
> klist: You have no tickets cached
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: lloyd/admin@EFS.CYBER
> Valid starting Expires Service principal
> 07/15/09 17:09:01 07/16/09 17:08:55 krbtgt/EFS.CYBER@EFS.CYBER
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
>
> And this is the output when I try ftp command in client side
>
> GSSAPI error minor: No principal in keytab matches desired name
>
> Am I missing something in Application server, KDC or in client?
The above is your problem. Your client thinks your FTP server has a
different name than what the keytab has a principal for. Check the KDC
log to see which principal the client requested and then fix your keytab
and/or DNS and/or /etc/hosts on these systems.
<<CDC
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
