Troubleshooting

On this page

You may encounter errors during initial configuration or when attempting to connect to SingleStore as a Kerberos-authenticated user. This section describes common error scenarios and how to resolve them.

Service Principal Name Does Not Match

Consider the following client error:

ERROR: p8188 t99998 c5 Retrieved client name 'user2@EXAMPLE.COM' does not match expected 'user1@EXAMPLE.COM'. Access denied
ERROR: p8188 t99998 c5 ProcessHandshakeResponsePacket() failed. Sending back 1045: Retrieved principal does not match expected Kerberos username

This error scenario is caused by attempting to connect as a SingleStore user with an SPN that differs from the SPN to which the SingleStore user is bound. For example, a SingleStore user ('user1'@'%') is bound to the user1@EXAMPLE.COM SPN. The client’s currently initialized SPN is user2@EXAMPLE.COM. If you attempt to connect to SingleStore as the 'user1'@'%' user, SingleStore will deny access because 'user1'@'%' is not bound to user2@EXAMPLE.COM. To resolve this error, retrieve a TGT using kinit for the correct user1@EXAMPLE.COM SPN and try the connection again.

Last modified: October 11, 2022

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

(Optional) Run the following command to view the associated signature files.
Shell
```
curl undefined
```
Download the signature file from the SingleStore release server.
- Option 1: Click the Download Signature button next to the SingleStore file.
- Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.
- Option 3: Run the following command to download the signature file.
  Shell
```
curl -O undefined
```

After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

Shell

echo -n undefined |
    cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
      --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
      --bundle undefined \
      --new-bundle-format -

Verified OK