Invalid hostname in kadmin/hostname principal
psahukar at novell.com
Tue Aug 1 07:51:50 EDT 2006
The hostname component of the kadmin/<hostname>@realmname service
principal represents the KADMIND host. As LDAP back-end (with
kdb5_ldap_util command) can be accessed over the network, the realm
setup operation can be done from any remote node (which might possibly
not host a KADMIND server), in which case the kadmin/<hostname>
principal might have an incorrect hostname component.
Though, a fall-back to kadmin/admin exists, having the right
kadmin/<hostname> is essential.
We can document this information and have the kerberos administrator
take care of the situation. But can we at the first place avoid the
creation of kadmin/<hostname> principal for an LDAP backend because of
the problem explained above and document it as a separate step with
appropriate details ?
More information about the krbdev