[MIT] Simple telnet question

[Philippe Perrin]

Add-on to my previous message.
Since no ticket-request failure was logged on the KDC, I used tcpdump to see
what was going on there. And I noticed that the client did not ask for the
principal "host/thot.mds" as it should, but "host/thot" (notice the missing
"mds"). It seems that the client drops the domain name (the client and the
server are on the same host, thot.mds).... How can I correct this ??

Here are parts of my krb5.conf :

    KERBYKB.LOCAL = {
         kdc = kerby.mds:88
         default_domain = mds           # DOMAIN
         admin_server = kerby.mds
    }

[domain_realm]
    .mds = KERBYKB.LOCAL
    mds = KERBYKB.LOCAL

Philippe


"Donn Cave" <donn at u.washington.edu> a écrit dans le message de news:
a4971a$1bfm$1 at nntp6.u.washington.edu...
> Quoth "Philippe Perrin" <philippeperrin at yahoo.com>:
> | Thanks for the advice. Here is the output, after a successful call to
kinit
> ...
> | >>>TELNET: Trying 2 2
> | telnet: Kerberos V5: failure on credentials(Server not found in Kerberos
> | database)
> | >>>TELNET: Trying 2 0
> | telnet: Kerberos V5: failure on credentials(Server not found in Kerberos
> | database)
> | >>>TELNET: Sent failure message
>
> OK, that's good, but it means you must check the second place I suggested.
> When it says "server not found", it means telnet has picked a service
> name that doesn't match the one your site supports.  There are three
> places to go wrong - the service, the host instance, and the realm.  The
> most likely is your host goes by several addresses and the service
principal
> assigned by your site doesn't use the canonical host name.  Whatever, look
> in that syslog and you will see this failure and see what principal it was
> actually looking for.  If you don't have access to the log, enlist the
> cooperation of your site administrator.
>
> |> - KDC syslog output.  Search for IP address of the local (client) host.
>
> Donn Cave, donn at u.washington.edu