I am attempting to set up a small test network to get Kerberos working on Mac OS X (10.2) and Mac OS X Server (10.2). I have searched the archives and have not found any reference to the errors I am getting or specific setup on OS X Server (10.2). I am new to Kerberos, so please forgive me if I use some of the terminology incorrectly.
I am using Windows 2000 Server as the KDC, and am successfully authenticating to the KDC and getting my krbtgt ticket. However, I am now trying to set up Mac OS X Server to provide ftp/Mail/AFP services using Kerberos authentication, but keep getting errors like this on the server whenever I attempt to connect from the client to the server:

Sep 17 2002 01:16:18 Major Error (1): Miscellaneous failure
Sep 17 2002 01:16:18 Minor Error (1): No principal in keytab matches desired name

My question is this: does the name of a service, i.e. ftpd, have to be part of the principal name of the service (i.e. [EMAIL PROTECTED])? Do I even need a service key in krb5.keytab on the server?

My understanding is that Kerberos provides assurance that a specific user on a specific host is authorized to connect to a specific server. I believe this means that I would only need a key for the host, i.e. [EMAIL PROTECTED], in the krb5.keytab on the server. However, I continue to receive the error messages above. I can get a primary key from both OS X client and Server, using kinit, but cannot connect from client to server (with kerberized apps such as Mail, ftp, etc.) using Kerberos authentication.

I have DNS set up correctly so that all reverse lookups return the FQDN, and forward lookups return the correct IP.

Any ideas?

Timothy Perfitt
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
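The minor error quoted in the post is the GSS-API Kerberos mechanism reporting that the keytab has no entry under the principal name the server asked for. The following is an added example, not part of the original post: it parses an MIT-format keytab and checks for a desired principal. The realm, host name, `ftp` service name and sample keytab are constructed assumptions.

```python
import struct

def keytab_principals(data: bytes) -> list:
    """List principal names in an MIT keytab (file format 0x0501/0x0502).
    Key material is skipped, never returned."""
    if len(data) < 2 or data[0] != 5 or data[1] not in (1, 2):
        raise ValueError("not a keytab file")
    v1 = data[1] == 1
    bo = "<" if v1 else ">"   # v1 is native-endian (little-endian assumed); v2 is big-endian
    names, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(bo + "i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:          # deleted entry ("hole"): skip its bytes
            pos += -size
            continue
        entry = data[pos:pos + size]
        if len(entry) < size:
            raise ValueError("truncated keytab entry")
        (count,) = struct.unpack_from(bo + "H", entry, 0)
        if v1:
            count -= 1        # v1 counts the realm as a component
        p, parts = 2, []
        for _ in range(count + 1):      # realm first, then name components
            (n,) = struct.unpack_from(bo + "H", entry, p)
            parts.append(entry[p + 2:p + 2 + n].decode("utf-8", "replace"))
            p += 2 + n
        names.append("/".join(parts[1:]) + "@" + parts[0])
        pos += size
    return names

def has_principal(data: bytes, desired: str) -> bool:
    """Exact, case-sensitive comparison of the full principal name."""
    return desired in keytab_principals(data)

def make_entry(realm: str, comps: list, kvno: int = 1) -> bytes:
    """Build one v2 entry for the constructed sample (all-zero dummy key)."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm.encode())
    body += b"".join(s(c.encode()) for c in comps)
    body += struct.pack(">IIB", 1, 0, kvno)        # name type, timestamp, 8-bit kvno
    body += struct.pack(">H", 23) + s(bytes(16))   # enctype 23, 16 zero bytes as key
    return struct.pack(">i", len(body)) + body

# Constructed sample: a keytab holding only a host/ key, as the post describes.
SAMPLE = b"\x05\x02" + make_entry("EXAMPLE.TEST", ["host", "server.example.test"])

if __name__ == "__main__":
    for want in ("host/server.example.test@EXAMPLE.TEST", "ftp/server.example.test@EXAMPLE.TEST"):
        print(want, "->", "present" if has_principal(SAMPLE, want) else "no match in keytab")
```

On a real server, pass the bytes of the keytab file to `keytab_principals` and compare the result with the name the service requests.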
