Is it necessary to assign hostname to slave KDC in small letters for KDC propagation?
Juri Dakua
jdakua at TechMahindra.com
Wed Apr 23 10:51:43 EDT 2008
Asper Kerberos V5 Installation Guide, it sounds like
Database propagation works using the host principal of the slave KDC.
I have assigned the hostname of the slave KDC as TESTSLAVE having domain
name as techmbng.com and created the host principal as
host/TESTSLAVE.techmbng.com. My DNS server also returns
TESTSLAVE.techmbng.com on IP address lookup.
However the database propagation from master KDC fails giving the error
kprop: Server not found in Kerberos database while getting initial
ticket
On the other hand, keeping all configurations same and just creating the
host principal as host/testslave.techmbng.com rather than
host/TESTSLAVE.techmbng.com, makes database propagation succeed.
FYI: all goes well if I assign the hostname in small letters
(testslave), create the host principal accordingly
(host/testslave.techmbng.com) and configure DNS server to return the
same on IP lookup (testslave.techmbng.com).
>From this it seems like kprop tries to do database propagation using the
host principal for the FQDN with hostname in all small letters
(testslave.techmbng.com) rather than the actual FQDN assigned.
Is it mandatory to have to slave KDC hostname assigned with all small
letters or am I missing something?
Thanks
Juri
============================================================================================================================
Disclaimer:
This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at <a href="http://www.techmahindra.com/Disclaimer.html">http://www.techmahindra.com/Disclaimer.html</a> externally and <a href="http://tim.techmahindra.com/Disclaimer.html">http://tim.techmahindra.com/Disclaimer.html</a> internally within Tech Mahindra.
============================================================================================================================
More information about the Kerberos
mailing list