GSSFTP / Kerberos question
Thomas von Steiger
thomas.vonsteiger at bluewin.ch
Wed Nov 11 19:57:14 UTC 2009
On 11.11.2009, at 17:08, Broekman, Maarten wrote:
> I have Kerberos configured on my hosts and I want to enable GSSFTP. I
> can get it to work on the "primary" hostname of this set of servers, but
> not on a secondary (eth0:0) interface. This particular set of servers
> are a cluster and have a floating IP between them. I have Kerberos host
> principals configured for both the primary and secondary hostnames of
> the servers and they are in the keytab file (I can see them with klist),
> but when I connect to the secondary hostname I get a GSSAPI error:
>
> 334 Using authentication type GSSAPI; ADAT must follow
> GSSAPI accepted as authentication type
> GSSAPI error major: Unspecified GSS failure. Minor code may provide
> more information
> GSSAPI error minor: Unknown code krb5 144
> GSSAPI error: accepting context
> GSSAPI ADAT failed
> GSSAPI authentication failed
>
> Connections to the primary hostname work:
> 334 Using authentication type GSSAPI; ADAT must follow
> GSSAPI accepted as authentication type
> GSSAPI authentication succeeded
>
> Looking at the Kerberos error code though, it says that 144 is "Wrong
> principal in request". Anyone have an idea on what needs to be done to
> get this working?
>
> Thanks,
> Maarten
>
Can you resolv your secound hostname where you have the secound principal?
Thomas
More information about the redhat-list
mailing list