Help with trying to setup a KDC Slave
Ken Raeburn
raeburn at MIT.EDU
Thu Mar 19 15:52:23 EDT 2009
On Mar 19, 2009, at 12:45, Matthew.GARRETT at external.total.com wrote:
> DNS both forward and reverse work fine for the Slave KDC
By "work fine", do you mean that when you look up
hutch.uk.ad.ep.corp.local you get an address (or more than one), and
when you look up that address, you get back the name
hutch.uk.ad.ep.corp.local? Or do you just mean you get a name back?
In the default configuration of the MIT code, the name you get back
from looking up the address is generally the name that'll be used in
constructing a principal name.
Does your config file or DNS data indicate that
hutch.uk.ad.ep.corp.local is in UK.AD.EP.CORP.LOCAL?
Check the log file on the KDC. It should indicate some kprop/*
principal being looked up if the host name is coming out wrong, or
possibly some krbtgt/* principal if it's coming up with the wrong
realm name.
Ken
More information about the Kerberos
mailing list