Invalid hostname in kadmin/hostname principal

Praveenkumar Sahukar psahukar at
Tue Aug 1 07:51:50 EDT 2006


The hostname component of the kadmin/<hostname>@realmname service
principal represents the KADMIND host. As LDAP back-end (with
kdb5_ldap_util command) can be accessed over the network, the realm
setup operation can be done from any remote node (which might possibly
not host a KADMIND server), in which case the kadmin/<hostname>
principal might have an incorrect hostname component.

Though, a fall-back to kadmin/admin exists, having the right
kadmin/<hostname> is essential.

We can document this information and have the kerberos administrator
take care of the situation. But can we at the first place avoid the
creation of kadmin/<hostname> principal for an LDAP backend because of
the problem explained above and document it as a separate step with
appropriate details ?

Praveen Kumar

More information about the krbdev mailing list