On 08/08/2012 12:33 PM, Greg Hudson wrote: > If the server is running krb5 1.7 or later, this kind of problem should > result in a "Wrong principal in request" error in the sshd output (which > is still not very clear, but at least helps distinguish the problem from > sshd trying to acquire the wrong credentials). If the server is running > krb5 1.6.x (as in your case), the error will be "Key able entry not found".
Apologies; I made a mistake when reading the 1.6.x code. In krb5 1.6.x, the error in this situation will be "Key version number for principal in key table is incorrect", which is pretty clear. So perhaps your problems yesterday were not the result of key version mismatches, since you were getting "Key table entry not found" errors. (I was right about what the error will be in 1.7.x or later. This is a regression, and I'll open a bug about it. But that problem is not germane to your situation.) ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
