Kerberos Single sign on not working

kannan rbk kannanrbk.r at
Wed May 29 01:12:28 EDT 2013


Thank you so much for your precious time. I mapped the ip address to
"kannan" in our dns server. Now , it's working fine.

Regards ,

Bharathikannan R

On Tue, May 28, 2013 at 10:55 PM, Greg Hudson <ghudson at> wrote:

> On 05/28/2013 12:19 AM, kannan rbk wrote:
> > I  think i am  little short on the problem. Thanks for your useful
> > debugging info. I am trying to connect the host "kannan" but in kerberos
> > log it tries to connect "dineshbabu".
> When we convert a hostname to a Kerberos principal, we canonicalize the
> hostname using name resolution: first by performing a forward lookup,
> and then by performing a reverse lookup of the resulting address.  Here
> is an example:
>   $ host
> is an alias for
> has address
>   $ host
> domain name pointer KERBEROS-ORG.MIT.EDU.
>   $ kvno -S host
>   host/ at ATHENA.MIT.EDU: kvno = 4
> It seems that on your network, "kannan" canonicalizes to "dineshbabu"
> according to this process.
> It is possible to suppress the reverse lookup by setting "rdns = false"
> in the [libdefaults] section of krb5.conf.  Unfortunately, this doesn't
> always work on Linux due to a libc bug.


Bharathikannan R

More information about the Kerberos mailing list