I have a Solaris box with MIT Kerberos 1.3.3 installed as an application
server which is part of a Windows 2000 KDC.
 
I can perform a kerberized telnet to the box perfectly. However, I
cannot ftp to the box. In my system log (and I enabled debugging for
ftpd), I see:
 
Jun  8 12:51:04 ultra ftpd[1062]: [ID 291755 daemon.info] importing <[EMAIL PROTECTED]>
Jun  8 12:51:04 ultra ftpd[1062]: [ID 291755 daemon.info] importing <[EMAIL PROTECTED]>
Jun  8 12:51:04 ultra ftpd[1062]: [ID 399347 daemon.error] gssapi error acquiring credentials

An Ethereal trace shows the client receiving a 501-GSSAPI error minor: no
principal in keytab matches desired name.
 
ktutil on the host shows:
 
# ktutil
ktutil:  rkt /etc/krb5.keytab
ktutil:  l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    1 host/[EMAIL PROTECTED]
   2    1 ftp/[EMAIL PROTECTED]

On my client, I properly acquire all the right tickets, klist -e shows:
 
Ticket cache: API:krb5cc
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
06/08/04 08:01:18 06/08/04 18:01:18 krbtgt/[EMAIL PROTECTED]
renew until 06/15/04 08:01:18, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
06/08/04 12:04:48 06/08/04 18:01:18 host/[EMAIL PROTECTED]
renew until 06/15/04 08:01:18, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode with RSA-MD5
06/08/04 12:05:47 06/08/04 18:01:18 ftp/[EMAIL PROTECTED]
renew until 06/15/04 08:01:18, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32
Kerberos 4 ticket cache: API:krb4cc
 
On my FTP client, I tried using either 'host' or 'ftp' as the GSS
Service Name and still get the same error.
 
What could be the problem?
 
TIA,
 
Pierre Goyette
 
 
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
