GSSFTP / Kerberos question
Thomas von Steiger
thomas.vonsteiger at bluewin.ch
Wed Nov 11 21:09:56 UTC 2009
>
>>> more information
>>> GSSAPI error minor: Unknown code krb5 144
>>> GSSAPI error: accepting context
>>> GSSAPI ADAT failed
>>> GSSAPI authentication failed
>>>
>>> Connections to the primary hostname work:
>>> 334 Using authentication type GSSAPI; ADAT must follow
>>> GSSAPI accepted as authentication type
>>> GSSAPI authentication succeeded
>>>
>>> Looking at the Kerberos error code though, it says that 144 is
> "Wrong
>>> principal in request". Anyone have an idea on what needs to be
> done to
>>> get this working?
>>>
>>> Thanks,
>>> Maarten
>>>
>>
>>
>> Can you resolv your secound hostname where you have the secound
>> principal?
>>
>> Thomas
>
> Yes. DNS is functioning properly and I can log in with my password, but
> not via GSSAPI. I've also tried putting the extra_addresses and
> scan_interfaces options in my krb5.conf but that hasn't helped either.
>
> Could this be a routing issue? My default route points out the primary
> hostname interface. There are no specific routes for the secondary
> hostname though.
I think your first and secound ip is in the same subnet for that you need the same default gateway.
There are to princs like:
ftp/foo1.bar.com
ftp/foo2.bar.com
and
host/foo1.bar.com
host/foo2.bar.com
Maybe you can try GSS with ssh login for hostname1 and hostname2.
Or something selinux missing?
Thomas
More information about the redhat-list
mailing list