On 11/2/07, Manoj Mohan <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I am new to kerberos world.. so forgive my noviceness....
>
> I have a KDC running on linux and my client server are also on linux.. After
> registering the user principals and service principals when client is
> connecting to server, I can see from the klist that
> the service ticket is generated properly.
>
> However, at the server end..after succesfully executing gss_acquire_cred(),
> I am failing in gss_accept_sec_context with maj_stat: 851968, min_stat:
> -1765328154
>
> However, after some googling... I can see that kerberos error code goes only
> as far as -1765328157L...
> It looks like a big coincidence that we are getting that close an error to
> be an INCORRECT error
>
> Any pointers?
>
> Manoj

>From krb5.h:  #define KRB5_KT_KVNONOTFOUND                     (-1765328154L)

This indicates that the client is getting a service ticket which was
produced with a key version (KVNO) that the server does not have in
its keytab file.  I'd assume that you did a 'ktadd' for the service
and failed to update the keytab that the service is using.  (Or the
client has an "old" service ticket and the server's keytab no longer
has that older version of the key.)
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to