still have password authentication with ssh (Nils Achtergarde)

Henry B. Hotz hotz at
Fri Jul 27 15:43:03 EDT 2007

On Jul 27, 2007, at 9:07 AM, krbdev-request at wrote:

> Date: Thu, 26 Jul 2007 23:37:05 +0200
> From: Nils Achtergarde <n.achtergarde at>
> Subject: Re: still have password authentication with ssh
> To: krbdev at
> Message-ID: <46A91401.6030005 at>
> Content-Type: text/plain; charset=ISO-8859-1
> Problem was, that when running "hostname" in shell, I only got the  
> name,
> but it had to be the fully qualified name.

Some versions of hostname will take a -fqdn option.  Don't use that  
option as root on a machine that doesn't support it though.  (I once  

> In addition the KVNO didn't match. To get the KVNO, run getprinc
> host/<hostname> in kadmin.local on the kdc and run klist -ke on the  
> client.

It'd be easier to run "kvno host/<hostname>".  ;-)  (I think that's  
kgetcred on Heimdal.)

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the krbdev mailing list