Lots of UNKNOWN_SERVER this time... whoa
Ken Hornstein
kenh at cmf.nrl.navy.mil
Mon Apr 30 15:10:12 EDT 2007
>The authentication process is trying to find
>krbtgt/rcf.foo.com at RCF.FOO.COM which does not exist.
>
>Is kdb5_util creating an improperly named krbtgt principal
>or is RHELv4 pam_krb5.so improperly naming its requested
>principal (lowercasing it)?
As a guess, I believe that pam_krb5.so thinks that it needs to authenticate
to the realm rcf.foo.com, so it's asking for a cross-realm ticket to go
between rcf.foo.com and RCF.FOO.COM. I don't see anything in your
krb5.conf that would make it think that, but something is hinky here.
(It's definately not a problem on your KDC, FWIW).
--Ken
More information about the Kerberos
mailing list