[30892] in Kerberos
Re: Help with trying to setup a KDC Slave
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Thu Mar 19 15:54:49 2009
From: Ken Raeburn <raeburn@MIT.EDU>
To: Matthew.GARRETT@external.total.com
In-Reply-To: <OF0DD75CC8.00B0AA56-ON8025757E.005A11A8-8025757E.005C07CC@total.com>
Message-Id: <3ED72BA0-5F04-4355-8658-4C29F9381FE3@mit.edu>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Thu, 19 Mar 2009 15:52:23 -0400
Cc: kerberos@MIT.EDU
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
On Mar 19, 2009, at 12:45, Matthew.GARRETT@external.total.com wrote:
> DNS both forward and reverse work fine for the Slave KDC
By "work fine", do you mean that when you look up
hutch.uk.ad.ep.corp.local you get an address (or more than one), and
when you look up that address, you get back the name
hutch.uk.ad.ep.corp.local? Or do you just mean you get a name back?
In the default configuration of the MIT code, the name you get back
from looking up the address is generally the name that'll be used in
constructing a principal name.
Does your config file or DNS data indicate that
hutch.uk.ad.ep.corp.local is in UK.AD.EP.CORP.LOCAL?
Check the log file on the KDC. It should indicate some kprop/*
principal being looked up if the host name is coming out wrong, or
possibly some krbtgt/* principal if it's coming up with the wrong
realm name.
Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
