[jcifs] KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN Help

Michael B Allen mba2000 at ioplex.com
Thu Jan 13 19:52:44 GMT 2005


On Thu, 13 Jan 2005 16:50:25 +0000 (UTC)
David Pattison <david.pattison at siemens.com> wrote:

> My question is what does the above error mean, and more importantly how to
> solve it? All I know is that it involves the Server not being found in the
> Kerberos database.

A Principal is like a user but can also refer to a machine or a service. The
name of the Principal is in the form 'primary/instance@realm'. A user
Principal name is usually just like 'me@mycompany.com' whereas server and
service Principal names are like
'host/servername.mycompany.com@mycompany.com'.

Kerberos is a "third party authentication" system. So if you want to talk to
a server you authenticate using your own Principal, the server authenticates
using its Principal, and then you ask the KDC for a ticket to talk
specifically to that server. There's data encrypted with the target server's
session key. You can't decrypt it but the target server can, in which case it
knows the ticket came from the KDC and therefore the client must be legit.

This PDF has a very nice description of Kerberos authentication of HTTP
clients:

http://bofriis.dk/portalprotect/SPNEGO%20authentication%20using%20JGSS.pdf

Ultimately what you need to do is determine what your server Principal name
is and then add it to the Kerberos database. In the above document for
example, the server Principal name is 'HTTP/www.test.net@test.net'.

Mike

-- 
Greedo shoots first? Not in my Star Wars.
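
Added example, not part of the original post: a small Python check that derives the server Principal name a client would request for a URL and compares it with the Principals known to the KDC. The function names, the `HTTP/` service class mapping and the principal list are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_principal(name):
    """Split 'primary/instance@realm'; instance is None for user principals."""
    rest, sep, realm = name.rpartition("@")
    if not sep or not rest or not realm:
        raise ValueError(f"not a principal name: {name!r}")
    primary, _, instance = rest.partition("/")
    return primary, instance or None, realm

def expected_spn(url, realm):
    """Principal requested for an HTTP(S) URL (assumed mapping: HTTP/<host>@<realm>)."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host in URL: {url!r}")
    return f"HTTP/{host}@{realm}"

def diagnose(url, realm, kdc_principals):
    """Return (status, wanted_spn, near_misses).

    'unknown' corresponds to KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: the exact name
    is not in the database. near_misses lists entries for the same machine
    that differ in service class or use the short host name instead of the FQDN.
    """
    want = expected_spn(url, realm)
    if want in kdc_principals:
        return "ok", want, []
    _, want_host, _ = parse_principal(want)
    short = want_host.split(".")[0]
    near = []
    for p in kdc_principals:
        _, inst, _ = parse_principal(p)
        if inst is not None and inst.lower().split(".")[0] == short:
            near.append(p)
    return "unknown", want, near

# Constructed sample of what a KDC database might contain.
SAMPLE_DB = ["me@test.net", "host/www.test.net@test.net", "HTTP/www@test.net"]

if __name__ == "__main__":
    status, want, near = diagnose("http://www.test.net/app", "test.net", SAMPLE_DB)
    print(status, want)
    for p in near:
        print("  registered but not matching:", p)
```
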

