Greetings all:
Please feel free to make the assumption that I have false
understandings. If "KERBEROS.REALM" is stated, but from syntax it
should be "coda.realm", please correct me.
Yes, it should be "codaacco...@coda.realm", not otherwise.
Ok, I tried changing the clog to:

[r...@sandbox3 ~]# clog \
    -method kerberos5 coda_admin_u...@coda.realm \
    -tokenserver sandbox2.host.domain 370 \
    -krealm KERBEROS.REALM \
    -kdc sandbox2.host.domain \
    -servprinc coda/coda.realm

Basically, the method u...@realm was changed to the coda realm from the
kerberos realm. Also, the servprinc was changed to the coda.realm from
sandbox2.host.domain.
Does this appear sane?
Key points in this email:
*) The only keytab used by coda inherently is on coda server hosts:
   /vice/db/krb5.keytab
*) The keytab need only maintain the service principal for:
   codaauth/coda.re...@kerberos.realm
The discourse on host/ vs coda/ vs codaauth/ ended with a misunderstanding.
This subject is not important, please disregard.
The discourse on coda/kerberos auth related definitions and "kerberos
basics" also ended in misunderstanding. It may also be disregarded.
Regards,
-Don
{void}