Question about hostnams, domains, and realms
Stack Stack
i.am.stack at gmail.com
Wed Dec 15 21:56:43 EST 2010
Hello!
I have recently decided to try to get a single login system for a group of
computers that I work with regularly. I am looking for something to manage
multiple users on multiple systems. So I got myself a few books on Kerberos
and am going through them. As I follow through the examples I am constantly
having issues. So far googling the error messages has helped me proceed but
it seems like I am deviating from the books more and more. Now I have hit
this problem where clients are not seeing the user permissions as defined on
the server. All of the resources I have found to fix this error, I have done
already.
I *think* that my problem is that I am on a LAN that is *not* connected to
the Internet in any capacity (updates/packages are done over sneaker-net
with a thumbdrive). Since these systems are not connected to the Internet,
when I built them out I didn't really give them a FQDN. In fact the systems
are named purpose.project (as in developer1.Oliver-developer5.Oliver,
backup.Oliver, compute.Oliver, ect ... ).
When the book talked about the domains and realms it used example.com. The
book uses server.example.com and client.example.com. I just used Oliver.
To give examples of what I mean, the book gives something like:
[libdefaults]
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM={
kdc=server.example.org
admin_server = server.example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
However, my configuration file looks more like this:
[libdefaults]
default_realm = OLIVER
[realms]
OLIVER={
kdc=server.OLIVER
admin_server = server.OLIVER
}
[domain_realm]
.oliver = OLIVER
oliver = OLIVER
Now for my plethora of questions.
Even though all the computers have the names and ips in /etc/hosts and can
talk to each other, I have a feeling that my config files are the problem.
Can someone tell me if this is the case or not?
Should I rename all the hosts and give them a .com/.net/.org ending?
Since I don't own any of oliver[.com|.net|.org} domains, is there a generic
domain I could use? .local maybe? I am trying to think ahead should we ever
get a domain on the Internet; I would rather not make it too complicated to
change.
It is my understanding that the hostname has to resolve to the name used by
kerberos, correct? So just changing the computer name in /etc/hosts won't be
enough. (I think this is the case as I believe I read this in one of the
books, but I can't find that page for confirmation again..)
I apologize for unloading a bunch of questions. I have been trying to find
the path on my own, but it keeps getting murkier and harder to follow as I
learn a whole new project (at least new to me). Thank you very much for your
time. I appreciate any help you can give.
Thanks!
~Stack~
More information about the Kerberos
mailing list