On 08/08/2012 12:33 PM, Greg Hudson wrote:
> If the server is running krb5 1.7 or later, this kind of problem should
> result in a "Wrong principal in request" error in the sshd output (which
> is still not very clear, but at least helps distinguish the problem from
> sshd trying to acquire the wrong credentials).  If the server is running
> krb5 1.6.x (as in your case), the error will be "Key able entry not found".

Apologies; I made a mistake when reading the 1.6.x code.  In krb5 1.6.x,
the error in this situation will be "Key version number for principal in
key table is incorrect", which is pretty clear.  So perhaps your
problems yesterday were not the result of key version mismatches, since
you were getting "Key table entry not found" errors.

(I was right about what the error will be in 1.7.x or later.  This is a
regression, and I'll open a bug about it.  But that problem is not
germane to your situation.)

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to