Jason D. McCormick wrote: > Douglas E. Engert wrote: > >> Richard Silverman asked how did you add the principals to AD? >> If you used the same AD account for both principals, they will use the >> same password to generate the key, and will use the same kvno. >> >> Thus your first problem might be the kvno is not found, in the keytab. > > They keys are both kvno=3 on the AD-side and in the client's keytab. > >> Are 55 and 59 the length of the message as seen by strace or an error code? > > Oh.... yeah. :) > >> I assume you ran the gss-server as root, so it could access/etc/krb5.keytab > > Yes. Strace shows the gss-server process being able to open the keytab > file. > >> The uses of a single AD account for two principals with the same pasword >> is a difference. > > Each Kerberos keytab entry has a 1:1 match with an AD user. Or are you > pointing out I'm supposed to be doing something different?
No. Just making sure you did not fall into the trap of using the same account for two principals. > > Thanks. > > - Jason > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
