Authenticating using lower case domain/realm

San tos sansancasd at
Mon Mar 9 07:48:55 EDT 2009

Hello to all.

I have successfully configured ubuntu machines to authenticate to a active
directory running windows 2k (pam_krb5/LDAP/Kerberos). The realm is
DOMAIN.COM, however in order to be user friendly and maintain the same login
address in everything, i need to authenticate using user at instead
of user at DOMAIN.COM.

It seems windows 2k, accepts either way, but maybe kerberos don't like the
response it receives:

kinit(v5): KDC reply did not match expectations while getting initial

I'm using ubuntu 8.10 and:

krb5-config 1.19 Configuration files for Kerberos Version 5
krb5-user 1.6.dfsg.4~beta1-3 Basic programs to authenticate using MIT Ker
libkrb53 1.6.dfsg.4~beta1-3 MIT Kerberos runtime libraries

The krb5.conf:

        default_realm = DOMAIN.COM
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true
#       dns_lookup_realm = true
#       dns_lookup_kdc = false

        DOMAIN.COM = {
                kdc =
                admin_server =
                default_domain = DOMAIN.COM

[domain_realm] = DOMAIN.COM  = DOMAIN.COM

I have googled, read the mans, tried a lot of other configurations, etc, for
days now, but can't figure it out. I will appreciate any input you got on

Thanks in advance for you replies.


More information about the Kerberos mailing list