Does the account that you are trying to ftp into on the
server side have a valid shell? is that shell listed in /etc/shells?
Is ftpd open in the iptables on the server side, and in /etc/hosts.allow,
hosts.deny?
Steve
On Thu, 30 Jul 2009, Ron Rechenmacher wrote:
Hi,
I'm having trouble connecting to a SLF5 kerberized ftpd from an SLF5
kerberized ftp client.
On the server, I'm using:
rpm -qf /usr/kerberos/sbin/ftpd
krb5-workstation-1.6.1-31.el5_3.3.x86_64
On the client, I'm using:
rpm -qf rpm -qf /usr/kerberos/bin/ftp
krb5-workstation-1.6.1-31.el5_3.3.x86_64
On the client side, I get:
...
GSSAPI error major: Unspecified GSS failure. Minor code may provide more
information
GSSAPI error minor: Permission denied
GSSAPI error: acquiring credentials
GSSAPI ADAT failed
GSSAPI authentication failed
...
and on the server side, in /var/log/messages, I get:
...
ftpd[25305]: gssapi error acquiring credentials
...
I do have a valid ticket! and I can connect to another SLF5 node, so it seems
to be a server issue.
I've tried looking at the kdc logs on fnalu...
I use to be able to "tail -f" the log in the tmp directory but now I can just
see a log file that seems to be several hours old. In that log file, however,
I do see an "ISSUE:" line for my server, so it would appear that I do have a
valid ftp principal.
Any suggestions?
Thanks,
Ron
--
------------------------------------------------------------------
Steven C. Timm, Ph.D (630) 840-8525
[email protected] http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Assistant Group Leader.
