You can also inspect for which principal a service ticket was acquired, on the client side via klist. Make sure there is a corresponding keytab entry for this principal on the target host (klist -k).
>>>>> "Ken" == Ken Hornstein <[EMAIL PROTECTED]> writes: >>> GSSAPI accepted as authentication type >>> GSSAPI error major: Miscellaneous failure >>> GSSAPI error minor: No principal in keytab matches desired name Ken> If you turn on ftpd debugging (-d), ftpd will log a whole bunch of crap Ken> to syslog. One of the things it logs is the name it's trying to use Ken> locally. I suspect that the problem is something akin to listing the Ken> "short" name of the host first in /etc/hosts. Ken> --Ken Ken> ________________________________________________ Ken> Kerberos mailing list [EMAIL PROTECTED] Ken> https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
