Help with replication
Ken Hornstein
kenh at cmf.nrl.navy.mil
Mon Jul 18 15:22:15 EDT 2022
>I am a bit surprised that the cnames in the krb5.conf file were the
>problem. I would like to use a common krb5.conf file everywhere
>deployed by our configuration management processes. I guess one what
>would be to create principals for the cnames. Seems a bit unclean. Or
>just have a unique krb5.conf for kdc systems.
I can only say that we have the same krb5.conf file everywhere, and ...
I'm confused what you are talking about when it comes to canonicalization
issues for your admin principal and your krb5.conf!
I admit, hostname canonicalization with Kerberos has always been a bit ...
challenging. The exact behavior can depend on the version of Kerberos
you are using and krb5.conf configuration entries. Drives me nuts at
times.
I'd ALSO check to make sure it works correctly at reboot; like I
explained earlier, that tripped me up.
--Ken
More information about the Kerberos
mailing list