CNAME, host names, principal names (slave propagation error)
Jonathan Schreiter
jonathanschreiter at yahoo.com
Thu Sep 29 23:11:09 EDT 2005
Hi all - building my first kerberos realm and
following the installation guide very closely (please
bear with me).
I have a master and a slave kdc similar to daisy and
use-the-force-luke in the tutorial. I reference them
as kerberos and kerberos-1, respectively, throughout
all the exercises. I've set up DNS to include the
CNAME and SRV records as shown in the document.
I have no reference to "daisy" or "use-the-force-luke"
in krb5.conf, addprinc (host/kerberos.domain.org),
ktadd (host/kerberos.domain.org), or the kpropd.acl
(host/kerberos.domain.org). If I run from kadmin a
listprincs command I get the proper
host/kerberos.domain.org@REALM.ORG. All of these
references also have kerberos-1.
I am able to perform a kdb5_util dump ok, but when I
attempt a kprop -f to kerberos-1.domain.org, the error
"Client not found in Kerberos database while getting
initial ticket" appears. Looking at the krb5kdc.log
file, I have a lot of CLIENT_NOT_FOUND:
host/daisy.domain.org@REALM.ORG for
host/use-the-force-luke.domain.org@REALM.ORG, Client
not found in Kerberos database.
In the krb5.conf I've changed dns_lookup_realm = true
and dns_lookup_kdc = true, (both from false) but this
doesn't solve the problem.
Could someone please point me in the right direction?
Any help would be greatly appreciated - I'm almost
there!
Thanks,
Jonathan
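
Added example, not part of the original message: the failed requests in krb5kdc.log name host/daisy and host/use-the-force-luke, while listprincs shows host/kerberos and host/kerberos-1, and the script below makes that comparison mechanically. The log lines and principal list are constructed from the names in the post, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the krb5kdc.log fragment quoted in the post
# (timestamps, PID, client address and etype list are made up).
SAMPLE_LOG = """\
Sep 29 23:05:01 daisy krb5kdc[2101](info): AS_REQ (2 etypes {16 1}) 192.0.2.10: CLIENT_NOT_FOUND: host/daisy.domain.org@REALM.ORG for host/use-the-force-luke.domain.org@REALM.ORG, Client not found in Kerberos database
Sep 29 23:06:12 daisy krb5kdc[2101](info): AS_REQ (2 etypes {16 1}) 192.0.2.10: CLIENT_NOT_FOUND: host/daisy.domain.org@REALM.ORG for host/use-the-force-luke.domain.org@REALM.ORG, Client not found in Kerberos database
"""

# Constructed listprincs output using the principal names the post says exist.
SAMPLE_LISTPRINCS = """\
K/M@REALM.ORG
host/kerberos-1.domain.org@REALM.ORG
host/kerberos.domain.org@REALM.ORG
kadmin/admin@REALM.ORG
krbtgt/REALM.ORG@REALM.ORG
"""

NOT_FOUND = re.compile(r"CLIENT_NOT_FOUND: (?P<client>\S+) for (?P<server>[^\s,]+),")

def parse_principal(name):
    """Split 'service/instance@REALM' into (service, instance, realm)."""
    body, sep, realm = name.rpartition("@")
    if not sep:                      # no realm given
        body, realm = name, ""
    service, _, instance = body.partition("/")
    return service, instance, realm

def failed_requests(log_text):
    """Distinct (client, server) pairs from CLIENT_NOT_FOUND lines, in log order."""
    return list(dict.fromkeys((m["client"], m["server"]) for m in NOT_FOUND.finditer(log_text)))

def audit(log_text, listprincs_text):
    """Map each principal named in a failed request to whether the database has
    it and which principals with the same service and realm exist instead."""
    known = {p.strip() for p in listprincs_text.splitlines() if p.strip()}
    report = {}
    for pair in failed_requests(log_text):
        for name in pair:
            service, _, realm = parse_principal(name)
            same = sorted(k for k in known - {name}
                          if parse_principal(k)[0::2] == (service, realm))
            report[name] = {"in_db": name in known, "registered_instead": same}
    return report

if __name__ == "__main__":
    for name, info in audit(SAMPLE_LOG, SAMPLE_LISTPRINCS).items():
        print(name, "in_db=%s" % info["in_db"], "registered:", ", ".join(info["registered_instead"]) or "-")
```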