Keytab server principal cuts off at @

Charles Breite Charles.Breite at altertrading.com
Tue Jun 16 08:19:09 EDT 2009


Yes, here is my krb5.conf...

[libdefaults]
        default_realm = DOMAIN.COM
        clockskew = 300
        #dns_lookup_kdc = true
        #dns_lookup_realm = true

# We have to have the realm spec here still for CAS
[realms]
        DOMAIN.COM = {
                kdc = vmad1.domain.com
                default_domain = domain.com
                admin_server = vmad1.domain.com
        }

[logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON
[domain_realm]
        DOMAIN = DOMAIN.COM
        .DOMAIN = DOMAIN.COM
[appdefaults]
        pam = {
                ticket_lifetime = 1d
                renew_lifetime = 1d
                forwardable = true
                proxiable = false
                retain_after_close = false
                minimum_uid = 1
                use_shmem = sshd
        }

-----Original Message-----
From: Simon Wilkinson [mailto:simon at sxw.org.uk] 
Sent: Tuesday, June 16, 2009 2:37 AM
To: Charles Breite
Cc: kerberos at mit.edu
Subject: Re: Keytab server principal cuts off at @


On 15 Jun 2009, at 19:30, Charles Breite wrote:
> I am wondering if anyone has seen this where the principal is
> cut off.... I have regenerated the keytab several times and re-checked
> the Windows accounts we are using for the auth.... Shouldn't the principal
> be HTTP/servername.domain.com@domain.com

A lack of a realm usually means that Kerberos is attempting to find  
the realm using referrals. Have you got a default realm set in your  
krb5.conf?

S.
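
Added example, not part of the original thread or of MIT Kerberos: a simplified Python model of the [domain_realm] host-to-realm lookup, run against the stanzas posted above, showing how an unmatched host leaves the realm empty so the principal ends at the "@". It assumes the documented lookup order (exact host name, then each parent domain with a leading dot) and a case-sensitive match against the lower-cased host name; the function names are hypothetical.

```python
import re

# Constructed sample: the [libdefaults] and [domain_realm] stanzas as posted above.
POSTED_CONF = """\
[libdefaults]
        default_realm = DOMAIN.COM
[domain_realm]
        DOMAIN = DOMAIN.COM
        .DOMAIN = DOMAIN.COM
"""

def parse_sections(text):
    """Return {section: {key: value}} for flat 'key = value' lines; nested { } blocks are skipped."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif "=" in line and current is not None and depth == 0:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return sections

def host_realm(conf_text, hostname):
    """Return (realm, matched_key); realm '' means no mapping, so the realm is left to referrals."""
    mapping = parse_sections(conf_text).get("domain_realm", {})
    host = hostname.lower()
    labels = host.split(".")
    # Assumed order: exact host name first, then each parent domain with a leading dot.
    candidates = [host] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for key in candidates:
        if key in mapping:
            return mapping[key], key
    return "", None

def service_principal(conf_text, service, hostname):
    realm, _ = host_realm(conf_text, hostname)
    return f"{service}/{hostname.lower()}@{realm}"

if __name__ == "__main__":
    # Constructed variant with a lower-case, fully qualified domain key, for comparison.
    lowercase_variant = POSTED_CONF.replace(".DOMAIN =", ".domain.com =")
    for conf in (POSTED_CONF, lowercase_variant):
        print(service_principal(conf, "HTTP", "servername.domain.com"))
```
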




