/etc/hosts on a Kerberos client

Sam Hartman hartmans at MIT.EDU
Wed Sep 10 14:40:06 EDT 2003

>>>>> "James" == James McBride <mcbridejt at us.ibm.com> writes:

    James> Dear Kerberos Support Analyst:

    James> Oracle Support is reporting that MIT Kerberos requires that
    James> the FQDN of a Kerberos client must be in the /etc/hosts
    James> file.  They provided the URL below as a reference:
    James> http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1
    James> /doc/krb5-admin.html#Getting%20DNS%20Information%20Correct

    James> We feel that Kerberos can use DNS and the operating system
    James> to determine the FQDN of a machine.

    James> Please provide your perspective on this.

    James> Thanks In Advance,

    James> Jim McBride Oracle Deployment and Support IBM Corporation
    James> 6300 Diagonal HWY., Stop 003E Boulder, CO 80301-9020
    James> Office: (303) 924-5626 Lab: (303) 924-0212 Fax: (303)
    James> 924-9233 mcbridejt at us.ibm.com

    James> _______________________________________________ krbdev
    James> mailing list krbdev at mit.edu
    James> https://mailman.mit.edu/mailman/listinfo/krbdev

Hi.  The address krbdev at mit.edu is not an appropriate place to request
Kerberos support.  This address is for discussion of development of
MIt Kerberos.  You may want to address support questions to
kerberos at mit.edu in the future.

That said, with regard to DNS and hostnames, the requirement is that
gethostbyaddr(gethostbyname(gethostname())) return a correct hostname
with an FQDN.  The easiest way of guaranteeing this is to make sure
that both /etc/hosts and DNS will correctly resolve the machine.

Things that typically do not work include listing the machine's IP in
/etc/hosts without the FQDN first; listing the machine's name on the
localhost line in /etc/hosts; etc.

Not listing the machine's name in /etc/hosts at all while correctly
configuring DNS will tend to work correctly.

More information about the krbdev mailing list