Kerberos error 8: Principle unknown (kerberos)
Problem: Attempts to use any kerberized service results in "Kerberos error 8: Principle unknown (kerberos)"
Solution: The following problems can cause Kerberos Error 8:
- Your Network ID was incorrectly entered: Always enter your netID in lowercase letters, and check that you have not entered a one in place of a small L or the letter O instead of a zero.
- Special Mailboxes: If you have a special mailbox, enter its netID with the "-mailbox" suffix. For example, if your special mailbox is helpdesk (helpdesk@cornell.edu), enter in helpdesk-mailbox as your netID.
Technical Description: Principle unknown occurs when the Kerberos server was
unable to locate the specified NetID. Cornell's Kerberos server (kerberos.cit.cornell.edu)
is case-sensitive and consequently will not recognize the NetID if it is in all caps.
Alternatively the NetID may not exist. However, this error is more often caused when
Kerberos cannot locate its settings file krb.con which specifies which Kerberos server
to use. (krb.con is installed into c:\net\kerb). Kerberos looks
for krb.con in the \ndir\kerb directory where ndir is the directory
specified by the environment variable NDIR (usually set in autoexec.bat).
If this environment variable is not set, Kerberos will look in c:\net\kerb.
If krb.con is not located here, Kerberos will default to using athena.mit.edu
as a Kerberos server.
Users will see this error in Eudora but not elsewhere if their
Eudora Kerberos realm is set incorrectly (should be CIT.CORNELL.EDU in all caps).
If the Eudora Kerberos realm is set incorrectly, a TGT (ticket granting ticket)
will be acquired, but the service ticket will fail.
Last updated July 30, 2004
Kerberos & SideCar
Related topics
- Change Password
- CUWebLogin
- CUWebAuth for web servers
- Identity Management home page