Lots of UNKNOWN_SERVER this time... whoa

Ken Hornstein kenh at cmf.nrl.navy.mil
Mon Apr 30 15:10:12 EDT 2007


>The authentication process is trying to find
>krbtgt/rcf.foo.com at RCF.FOO.COM which does not exist.
>
>Is kdb5_util creating an improperly named krbtgt principal
>or is RHELv4 pam_krb5.so improperly naming its requested
>principal (lowercasing it)?

As a guess, I believe that pam_krb5.so thinks that it needs to authenticate
to the realm rcf.foo.com, so it's asking for a cross-realm ticket to go
between rcf.foo.com and RCF.FOO.COM.  I don't see anything in your
krb5.conf that would make it think that, but something is hinky here.

(It's definately not a problem on your KDC, FWIW).

--Ken



More information about the Kerberos mailing list