[EMAIL PROTECTED] wrote on 06/06/2005 10:21:12 AM: > As I said, I've created a new keytab with the > HTTP/[EMAIL PROTECTED] service name (using ktpass). > klist now shows the correct principal: > > > klist -k c:\WINDOWS\krb5kt > Keytab name: FILE:c:\WINDOWS\krb5kt > KVNO Principal > ---- > -------------------------------------------------------------------------- > 4 HTTP/[EMAIL PROTECTED] > > I've restarted Apache, restarted Firefox on the client session and > requested the > URL again. I got the same error: no principal match.
I am not sure why it is failing. For the sake of thoroughness, you might want to check what encryption types are being used. To check the keytab pass -e to klist: klist -e -k c:\WINDOWS\krb5kt to check the token, requires decoding. If you send me the token (out of band), I will check it. Because I have seen problems with key version numbers (kvno) and Windows Server 2003, you might want to also try deleting and recreating the service account and recreate the keytab. You should then see kvno equal to 1. Frank ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
