Stack trace dor gssapi-with-mic

[Ted Creedon]

I'm running OpenAFS which relies on krb5

The garbled cc is a surprise to me too..

It does not explain the inconsistencies between the other 3 servers though

Best bet is to get to the latest of everything..It'll take a day or so..

thanks
tedc

On Mon, Apr 20, 2009 at 12:47 AM, Sergio Gelato
<Sergio.Gelato at astro.su.se>wrote:

> * Ted Creedon [2009-04-19 14:52:45 -0700]:
> > I think there are two problems:
> > 1. geronimo.creedon.biz reverse dnslookups as a comcast uri (its on a
> > comcast dhcp line) - the forward dns is set up using dyndns. Look at the
> > garbled klist below..
>
> Both the stack trace and the garbled klist point to a serious problem
> with the installation of MIT Kerberos on redcloud. (I assume your klist is
> MIT Kerberos like the libraries ssh is linked against.) The DNS
> forward/reverse
> mismatch is not a sufficient explanation for that klist output; a
> corrupt credentials cache is more likely. (The timestamps look correct,
> though; only the principals for that second ticket don't make sense.)
>
> Try purging and reinstalling the Kerberos RPMs on redcloud. If this
> were a fundamental problem with SuSE 10.1 I'd think it would have been
> reported by others.
>
> Check also the contents of /etc/krb5.conf.
>
> Try testing basic Kerberos functionality independently of ssh.
> For example, does aklog work for you? If it does, then maybe only the
> GSSAPI library (which aklog doesn't use) is bad.
>
> > redcloud:~ # klist
> > Ticket cache: FILE:/tmp/krb5cc_0
> > Default principal: root at CREEDON.BIZ
> >
> > Valid starting     Expires            Service principal
> > 04/19/09 14:42:40  04/19/09 15:42:40  krbtgt/CREEDON.BIZ at CREEDON.BIZ
> >         renew until 04/19/09 15:42:40
> > 04/19/09 14:43:00  04/19/09 15:42:40  /\@UW\0\0\0\0\0ST.NET
> @UW\0\0\0\0\0BIZ
> >         for client @GW\0\0\0\0\0BIZ, renew until 04/19/09 15:42:40
> >
>