after kdestroy command, i get the following error message on any other commands such as klist or kinit. Any idea?
No credentials cache found while getting default ccache Thanks, -Yang -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Elia Pinto Sent: Wednesday, May 12, 2010 9:43 AM To: Greg Hudson Cc: [email protected] Subject: Re: Generic question regarding service principal required to access a kerberized ftp server 2010/4/10 Greg Hudson <[email protected]>: > On Sat, 2010-04-10 at 05:28 -0400, Elia Pinto wrote: >> I can get a TGS ftp /<KDC MVS hostname>@< KDC MVS REALMS> but it seems >> that the client also requests a TGS host /<KDC MVS hostname>@< KDC MVS >> REALMS> but this one is not defined on the KDC MVS and so the ftp >> client logon fail. > > The ftp client tries to authenticate to ftp/hostname, then falls back to > host/hostname if that fails. So, no, you don't need a host/hostname > service, but you do have to figure out why the initial authentication is > failing. First of all, thanks for the fast replay. It was not easy to find the problem, given that from the logs of Z / OS KDC looked like a kerberos problem. Instead the true problem was that the Z/OS KDC was using code page IBM-1047 while the FTP server uses the code page IBM-280. And between the two different code pages, in particular, the hexadecimal representation of the @ character in IBM-280 matches the character §, and vice versa. In particular in the ftp server configuration file 'ftp.env' was defined as the variable: LC_ALL = It_IT.IBM-280 While in the configuration file kdc 'envar' was defined in the variable: LANG = En_US.IBM-1047 I have then changed the code page of the IBM ftp to IBM-1047. And work perfectly. Thanks again ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
