I’m trying to get FTP up and running using only kerberos for authentication. Service is starting up with no errors, but I can’t get and “kerberized” ftp clients to connect, both Mac or PC. On the Mac I’m trying to connect with Fetch 5.2 via GSSAPI. On the PC, I’m using FileZilla. In both cases I’m getting the same error message:

Here is the transcript from Fetch:

Connecting to FQHN.com port 21 (Mac OS X firewall is off) (5/24/07 3:19:16 PM)
Connected to IPobscurred port 21 (5/24/07 3:19:16 PM)
220——————————————————————————–
220-This is the “Banner” message for the Mac OS X Server’s FTP server process.
220-
220- FTP clients will receive this message immediately
220- before being prompted for a name and password.
220-
220-PLEASE NOTE:
220-
220- Some FTP clients may exhibit problems if you make this file too long.
220-
220——————————————————————————–
220-
220 FQHN.com FTP server ready.
ADAT
503 You must issue an AUTH first.
AUTH This command is checking whether this server supports Kerberos or GSS security, see RFC 2228
504 This command is checking whether this server supports Kerberos or GSS security, see RFC 2228 is unknown to me
AUTH GSSAPI
334 Send authorization data.
gss_send_tok_buff = [email protected]
ADAT
535-GSSAPI error major: Incorrect channel bindings were supplied
535-GSSAPI error minor: No error
535 GSSAPI error: accepting context [ Incorrect channel bindings were supplied – No error ]
release 2
service 0gss_send_tok_buff = [email protected]
ADAT
535-GSSAPI error major: Miscellaneous failure
535-GSSAPI error minor: Wrong principal in request
535 GSSAPI error: accepting context [ Miscellaneous failure – Wrong principal in request ]
release 2
service 1

In both cases, Apple’s Kerberos utility is getting both a FTP and Host ticket from the KDC (an Open Directory Master). On the PC, I’m also being granted tickets (using Leash).

All in all, the other kerberized services we’re offering are up and running with no issues. Has anybody gotten this to work?