Kerberos Single sign on not working
kannan rbk
kannanrbk.r at gmail.com
Wed May 29 01:12:28 EDT 2013
Hi,
Thank you so much for your precious time. I mapped the ip address to
"kannan" in our dns server. Now , it's working fine.
Regards ,
Bharathikannan R
On Tue, May 28, 2013 at 10:55 PM, Greg Hudson <ghudson at mit.edu> wrote:
> On 05/28/2013 12:19 AM, kannan rbk wrote:
> > I think i am little short on the problem. Thanks for your useful
> > debugging info. I am trying to connect the host "kannan" but in kerberos
> > log it tries to connect "dineshbabu".
>
> When we convert a hostname to a Kerberos principal, we canonicalize the
> hostname using name resolution: first by performing a forward lookup,
> and then by performing a reverse lookup of the resulting address. Here
> is an example:
>
> $ host ptr-mismatch.kerberos.org
> ptr-mismatch.kerberos.org is an alias for www.kerberos.org.
> www.kerberos.org has address 18.9.62.44
>
> $ host 18.9.62.44
> 44.62.9.18.in-addr.arpa domain name pointer KERBEROS-ORG.MIT.EDU.
>
> $ kvno -S host ptr-mismatch.kerberos.org
> host/kerberos-org.mit.edu at ATHENA.MIT.EDU: kvno = 4
>
> It seems that on your network, "kannan" canonicalizes to "dineshbabu"
> according to this process.
>
> It is possible to suppress the reverse lookup by setting "rdns = false"
> in the [libdefaults] section of krb5.conf. Unfortunately, this doesn't
> always work on Linux due to a libc bug.
>
>
--
Regards,
Bharathikannan R
More information about the Kerberos
mailing list