Douglas E. Engert wrote: > Richard Silverman asked how did you add the principals to AD? > If you used the same AD account for both principals, they will use the > same password to generate the key, and will use the same kvno. > > Thus your first problem might be the kvno is not found, in the keytab.
They keys are both kvno=3 on the AD-side and in the client's keytab. > Are 55 and 59 the length of the message as seen by strace or an error code? Oh.... yeah. :) > I assume you ran the gss-server as root, so it could access/etc/krb5.keytab Yes. Strace shows the gss-server process being able to open the keytab file. > The uses of a single AD account for two principals with the same pasword > is a difference. Each Kerberos keytab entry has a 1:1 match with an AD user. Or are you pointing out I'm supposed to be doing something different? Thanks. - Jason ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
