# [solved] NFS4 Krb5 rpc.svcgssd - /etc/krb5.keytab Problem

## eisenmann

Hi ,

i have e problem to start the rpc.svcgssd RPC demon, if i start the demon i get following errormessage:

```

pluto eisenmann # rpc.svcgssd -vvvvf

ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure.  Minor code may provide more information - No principal in keytab matches desired name

Unable to obtain credentials for 'nfs'

unable to obtain root (machine) credentials

do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?

```

But i have the /etc/krb5.keytab with the nfs/pluto.sb.de@SB.DE in there.

You can see this if the rpc.gssd demon starts, he use also the /etc/krb5.keytab :

```

pluto eisenmann # rpc.gssd -vvvf

Using keytab file '/etc/krb5.keytab'

Processing keytab entry for principal 'nfs/pluto.sb.de@SB.DE'

We will use this entry (nfs/pluto.sb.de@SB.DE)

Processing keytab entry for principal 'pluto/pluto.sb.de@SB.DE'

We will NOT use this entry (pluto/pluto.sb.de@SB.DE)

Using (machine) credentials cache: 'FILE:/tmp/krb5cc_machine_SB.DE'

```

Has anything a idea what is the problem!!

rgds Eisenmann

PS: Here is my kdc.conf:

```

[kdcdefaults]

        kdc_ports = 750,88

[realms]

        SB.DE = {

                kdc = pluto.sb.de:88

                admin_server = pluto.sb.de:749

                default_domain = sb.de

                database_name = /var/lib/krb5kdc/principal

                admin_keytab = FILE:/var/lib/krb5kdc/kadm5.keytab

                acl_file = /var/lib/krb5kdc/kadm5.acl

                key_stash_file = /var/lib/krb5kdc/.k5.SB.DE

                kdc_ports = 750,88

                max_life = 10h 0m 0s

                max_renewable_life = 7d 0h 0m 0s

                master_key_type = des3-hmac-sha1

                supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3

        }

[logging]

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmin.log

default = FILE:/var/log/krb5lib.log

```

And the krb5.conf:

```

[logging]

default = FILE:/var/log/krb5lib.log

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmin.log

[libdefaults]

default_realm = SB.DE

#dns_lookup_kdc = false

[realms]

SB.DE = {

   default_domain = sb.de

   kdc = pluto.sb.de:88

   admin_server = pluto.sb.de:749

}

[domain_realm]

sb.de = SB.DE

```

Last edited by eisenmann on Thu Aug 23, 2007 7:54 pm; edited 1 time in total

----------

## eisenmann

Hi,

i have found the problem. Today i saw that the DNS reverse entrys are not working correct. I correct this problem and now starts the deamon. It looks like that the rpc.svcgssd make a DNS revers lookup like ssh. If there is no DNS reverse lookup entry then the rpc.svcgssd deamon do not start.

Thank you for your help!!!   :Laughing: 

----------

