[39499] in Kerberos
Re: spn alias
daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Sat Mar 8 15:26:36 2025
Message-Id: <202503082023.528KNT2H018323@hedwig.cmf.nrl.navy.mil>
To: Stefan Kania <stefan@kania-online.de>
cc: kerberos@mit.edu
In-Reply-To: <6893835c-f79b-4e13-bb25-9c872b5e77b1@kania-online.de>
MIME-Version: 1.0
Date: Sat, 08 Mar 2025 15:23:29 -0500
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>> If you are using MIT Kerberos (anything 1.10 or newer) on the
>> LDAP server, you can use the krb5.conf configuration entry
>> "ignore_acceptor_hostname" to allow the server to match on any valid
>> hostname. See details here:
>
>Hi Ken,
>
>that did it. Thank you. Now we get the ticket trough the loadbalancer.
>But OpenLDAP is complaining about the name of the principal is not
>matching the fqd. WE now will go the way without the load balancer. We
>will use SRV-records.
Hm, _OpenLDAP_ is complaining? Are you sure? Like, how does it even know?
Exactly what error are you getting?
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
