Invalid hostname in kadmin/hostname principal

Will Fiveash William.Fiveash at sun.com
Tue Aug 1 15:21:39 EDT 2006


On Tue, Aug 01, 2006 at 09:46:28AM -0400, Sam Hartman wrote:
> >>>>> "Praveenkumar" == Praveenkumar Sahukar <psahukar at novell.com> writes:
> 
>     Praveenkumar> We can document this information and have the
>     Praveenkumar> kerberos administrator take care of the
>     Praveenkumar> situation. But can we in the first place avoid the
>     Praveenkumar> creation of kadmin/<hostname> principal for an LDAP
>     Praveenkumar> backend because of the problem explained above and
>     Praveenkumar> document it as a separate step with appropriate
>     Praveenkumar> details?
> 
> I think a better approach would be to recommend that people create
> their database from a machine that will be a kadmin server.

Some related issues:

1. Multi-master where there is more than one system running kadmind.
2. Multi-homed system is running kadmind.

One of the problems with the automagic creation of the various service
princs that assume a certain FQDN is that the admin may be unaware of
the presence and function of these service princs and thus be more
confused when things don't work.  Perhaps the addition of the hostname
dependent service princs should be manually done.

-- 
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)


