Subject: kerberos ftpd bug? can't get it to work (New, sort of)

I posted this question a few weeks ago and got two responses asking me to provide more accurate info about my setup. So here it is. I hope this is good enough b/c this is as close as I am allowed to get to reality...

> Does anyone know how to get ftp working on Kerberos V5? I can connect
> to the ftp server but I fail to authenticate. I keep getting an error
> message that "No principal in keytab matches desired name". But my
> keytab file appears correct. In fact, telnet and rsh are working.
> The only thing that doesn't work is ftp. I have tried removing the
> ftp entry from my keytab file (supposedly some versions of kerberos
> will not work with ftp/host; only host/host) and I connect using the
> FQDN (also heard ftp is quirky about FQDNs) but I get exactly the same
> problems. I have tried everything and pored over all the docs I could
> get my hands on to no avail. I suspect it's something stupid I am
> overlooking or maybe there's some obscure workaround. Anyway, my
> boss really wants this implemented and I am stumped. Anyone out there
> got any ideas? ANY HELP WILL BE GREATLY APPRECIATED!
>
> I PASTED THE ERROR AND MY KEYTAB FILE BELOW:
>
> [EMAIL PROTECTED] /usr/kerberos/krb5-1.2.8/src/appl/gssftp/ftp/ftp
> sleepy.seven.dwarfs.com
> Connected to sleepy.seven.dwarfs.com
> 220 emssyb1 FTP server (Version 5.60) ready.
> 334 Using authentication type GSSAPI; ADAT must follow
> GSSAPI accepted as authentication type
> GSSAPI error major: Miscellaneous failure
> GSSAPI error minor: No principal in keytab matches desired name
> GSSAPI error: acquiring credentials
> GSSAPI ADAT failed
> GSSAPI authentication failed
>
> emssyb1:/>/usr/kerberos/krb5-1.2.8/src/clients/klist/klist -k
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
>    3 ftp/[EMAIL PROTECTED]
>    3 ftp/[EMAIL PROTECTED]
>    3 host/[EMAIL PROTECTED]
>    3 host/[EMAIL PROTECTED]
>    3 telnet/[EMAIL PROTECTED]
>    3 telnet/[EMAIL PROTECTED]

...Now someone (Ken Hornstein) suggested that I turn on logging for ftpd to log to the syslog. This was supposed to give me more information about the error.
I now have ftpd logging to syslog but no new info; the same error is showing up in the syslog now.

________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
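
A keytab check for the error quoted above, added here as an example and not part of the original post: it parses `klist -k` output and reports which `ftp/` and `host/` principals exist for each hostname the server might use. The realm `EXAMPLE.REALM` and the sample keytab entries are constructed (the post's principals are redacted), and treating the banner name `emssyb1` as a candidate hostname is an assumption.

```python
import re

# Constructed sample in the `klist -k` layout quoted in the post. The post's
# principals are redacted, so the realm here is a placeholder.
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 ftp/sleepy.seven.dwarfs.com@EXAMPLE.REALM
   3 host/sleepy.seven.dwarfs.com@EXAMPLE.REALM
   3 telnet/sleepy.seven.dwarfs.com@EXAMPLE.REALM
"""

ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s*$")  # "<kvno> <principal>"


def parse_klist(text):
    """Return {principal: set of key version numbers} from `klist -k` output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # header and separator lines do not start with a number
            entries.setdefault(m.group(2), set()).add(int(m.group(1)))
    return entries


def check_keytab(klist_text, services, hostnames, realm):
    """Map each service/hostname@realm candidate to whether the keytab has it."""
    have = parse_klist(klist_text)
    return {f"{s}/{h.lower()}@{realm}": f"{s}/{h.lower()}@{realm}" in have
            for h in hostnames for s in services}


def hosts_without_key(klist_text, services, hostnames, realm):
    """Hostnames for which none of the services has a keytab entry."""
    found = check_keytab(klist_text, services, hostnames, realm)
    return [h for h in hostnames
            if not any(found[f"{s}/{h.lower()}@{realm}"] for s in services)]


if __name__ == "__main__":
    # Assumption: the server may identify itself either by the FQDN the client
    # connected to or by the short name printed in the 220 banner.
    names = ["sleepy.seven.dwarfs.com", "emssyb1"]
    for princ, ok in check_keytab(SAMPLE_KLIST, ["ftp", "host"], names,
                                  "EXAMPLE.REALM").items():
        print(("present  " if ok else "MISSING  ") + princ)
    print("no usable key for:", hosts_without_key(
        SAMPLE_KLIST, ["ftp", "host"], names, "EXAMPLE.REALM"))
```

To run it against a real host, pass the text printed by `klist -k` and the site's actual realm in place of the constructed values.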