alan.jamison at hp.com
Wed Dec 4 15:35:47 EST 2002
Hi Monica, and interest,
Kprop and supporting functions seem to be architected to lowercase the 'host/principal' name in this case.
Kprop makes a call to get_tickets() where the principal names for the propagation are constructed. In the ensuing call to krb5_sname_to_principal(), the yourhost.yourdomain name string is discovered and used to construct the host/yourhost.yourdomain at YOUR.REALM principal name.
krb5_sname_to_principal() will lowercase every character in the yourhost.yourdomain string.
One workaround for this behavior might be to create your host/node.domain at REALM principal using lowercase letters for host/node.domain. Your tcpip configuration might also be modified to define appropriate case-sensitive alias node names (as you did) to allow both upper and lowercase node name use for other needs (if you need both). You'll have to experiment, I am sure, to get this as you need it for your particular environment and its needs.
One last note, depending on your TCPIP configuration, the calls to gethostname() [from within krb5_sname_to_principal()], made to discover your local host name, may not return the domain part of your local hostname. If that host name is your master KDC from which propagation is being done, and you have added the host/node entry principal using its domain, you will get errors from KPROP that says "client not found". I suspect that if you mis-typed the slave hostname without its domain on the kprop command line that you would see the same problem, but this is easier to detect than the first case.
More information about the Kerberos