On 11/2/07, Manoj Mohan <[EMAIL PROTECTED]> wrote: > > Hi, > > I am new to kerberos world.. so forgive my noviceness.... > > I have a KDC running on linux and my client server are also on linux.. After > registering the user principals and service principals when client is > connecting to server, I can see from the klist that > the service ticket is generated properly. > > However, at the server end..after succesfully executing gss_acquire_cred(), > I am failing in gss_accept_sec_context with maj_stat: 851968, min_stat: > -1765328154 > > However, after some googling... I can see that kerberos error code goes only > as far as -1765328157L... > It looks like a big coincidence that we are getting that close an error to > be an INCORRECT error > > Any pointers? > > Manoj
>From krb5.h: #define KRB5_KT_KVNONOTFOUND (-1765328154L) This indicates that the client is getting a service ticket which was produced with a key version (KVNO) that the server does not have in its keytab file. I'd assume that you did a 'ktadd' for the service and failed to update the keytab that the service is using. (Or the client has an "old" service ticket and the server's keytab no longer has that older version of the key.) ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
