In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Matthijs Mohlmann) wrote: > On Tue, 2003-09-02 at 05:12, Donn Cave wrote: > > Quoth [EMAIL PROTECTED] (Matthijs Mohlmann): > > ... > > | Now when i try to login to my ssh service with the following command: > > | [EMAIL PROTECTED]:~$ ssh -A -K active2.active2.homelinux.org > > ... > > | 17612: debug1: Miscellaneous failure > > | 17612: debug1: No principal in keytab matches desired name > > | > > | What does this mean ? I have a > > | host/[EMAIL PROTECTED] in my > > | /etc/krb5.keytab on the ssh-server. I have also a ssh service key in my > > | keytab (ssh/[EMAIL PROTECTED])
> I have my own dns-server for internal network. And my domain is > active2.homelinux.org. My computers are > <name>.active2.homelinux.org and all this names are in the dns. I have > checked what ip every computer is using and it sounds to me as oke > active2.active2.homelinux.org - 192.168.0.2 > server.active2.homelinux.org - 192.168.0.7 > router.active2.homelinux.org - 192.168.0.1 $ host active2.active2.homelinux.org active2.active2.homelinux.org is a nickname for active2.homelinux.org active2.homelinux.org has address 80.126.240.96 active2.homelinux.org mail is handled (pri=5) by active2.homelinux.org active2.homelinux.org mail is handled (pri=10) by bulletgate.org $ host 80.126.240.96 96.240.126.80.IN-ADDR.ARPA domain name pointer a80-126-240-96.adsl.xs4all.nl There's a limit to what we can tell from here, but believe me, it will not work until the name the host knows itself by, and the name in the Kerberos host principal, are the same. This is the problem you have to solve. If you have access to logs from the KDC, you can see exactly what the principal name needs to be. Donn Cave, [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos