> -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- > bounces@xxxxxxxxxx] On Behalf Of Thomas von Steiger > Sent: Wednesday, November 11, 2009 2:57 PM > To: General Red Hat Linux discussion list > Subject: Re: GSSFTP / Kerberos question > > > On 11.11.2009, at 17:08, Broekman, Maarten wrote: > > > I have Kerberos configured on my hosts and I want to enable GSSFTP. I > > can get it to work on the "primary" hostname of this set of servers, > but > > not on a secondary (eth0:0) interface. This particular set of servers > > are a cluster and have a floating IP between them. I have Kerberos > host > > principals configured for both the primary and secondary hostnames of > > the servers and they are in the keytab file (I can see them with > klist), > > but when I connect to the secondary hostname I get a GSSAPI error: > > > > 334 Using authentication type GSSAPI; ADAT must follow > > GSSAPI accepted as authentication type > > GSSAPI error major: Unspecified GSS failure. Minor code may provide > > more information > > GSSAPI error minor: Unknown code krb5 144 > > GSSAPI error: accepting context > > GSSAPI ADAT failed > > GSSAPI authentication failed > > > > Connections to the primary hostname work: > > 334 Using authentication type GSSAPI; ADAT must follow > > GSSAPI accepted as authentication type > > GSSAPI authentication succeeded > > > > Looking at the Kerberos error code though, it says that 144 is "Wrong > > principal in request". Anyone have an idea on what needs to be done to > > get this working? > > > > Thanks, > > Maarten > > > > > Can you resolv your secound hostname where you have the secound > principal? > > Thomas Yes. DNS is functioning properly and I can log in with my password, but not via GSSAPI. I've also tried putting the extra_addresses and scan_interfaces options in my krb5.conf but that hasn't helped either. Could this be a routing issue? My default route points out the primary hostname interface. There are no specific routes for the secondary hostname though. --Maarten -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
