GSSFTP / Kerberos question
Broekman, Maarten
Maarten.Broekman at FMR.COM
Wed Nov 11 16:08:47 UTC 2009
I have Kerberos configured on my hosts and I want to enable GSSFTP. I
can get it to work on the "primary" hostname of this set of servers, but
not on a secondary (eth0:0) interface. This particular set of servers
are a cluster and have a floating IP between them. I have Kerberos host
principals configured for both the primary and secondary hostnames of
the servers and they are in the keytab file (I can see them with klist),
but when I connect to the secondary hostname I get a GSSAPI error:
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: Unspecified GSS failure. Minor code may provide
more information
GSSAPI error minor: Unknown code krb5 144
GSSAPI error: accepting context
GSSAPI ADAT failed
GSSAPI authentication failed
Connections to the primary hostname work:
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI authentication succeeded
Looking at the Kerberos error code though, it says that 144 is "Wrong
principal in request". Anyone have an idea on what needs to be done to
get this working?
Thanks,
Maarten
More information about the redhat-list
mailing list