[39121] in Kerberos
Re: Help with replication
daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Mon Jul 18 15:25:40 2022
Message-ID: <202207181922.26IJMEq5004119@hedwig.cmf.nrl.navy.mil>
To: Bill MacAllister <bill@ca-zephyr.org>
cc: kerberos@mit.edu
In-Reply-To: <2ec4e1247f558f3b27bd74b6f931a0d9@ca-zephyr.org>
Date: Mon, 18 Jul 2022 15:22:15 -0400
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>

>I am a bit surprised that the cnames in the krb5.conf file were the
>problem.  I would like to use a common krb5.conf file everywhere
>deployed by our configuration management processes.  I guess one way
>would be to create principals for the cnames.  Seems a bit unclean.  Or
>just have a unique krb5.conf for kdc systems.

I can only say that we have the same krb5.conf file everywhere, and ...
I'm confused what you are talking about when it comes to canonicalization
issues for your admin principal and your krb5.conf!

I admit, hostname canonicalization with Kerberos has always been a bit ...
challenging.  The exact behavior can depend on the version of Kerberos
you are using and krb5.conf configuration entries.  Drives me nuts at
times.

I'd ALSO check to make sure it works correctly at reboot; like I
explained earlier, that tripped me up.

--Ken