On Wed, Dec 19, 2018 at 09:41:49PM -0600, Bryan Mesich via FreeIPA-users wrote: > On Wed, Dec 19, 2018 at 09:18:35PM -0600, Bryan Mesich via FreeIPA-users > wrote:
[snip...] > I was able to reproduce the problem on my end. I forgot that Kerberos > can canonicalize host names. If I set "dns_canonicalize_hostname = > false" under the [libdefaults] section (in krb5.conf on client), I get > the same problem: > > debug1: Unspecified GSS failure. Minor code may provide more > information Server host/[email protected] not found in Kerberos > database > > Try setting it to true and see what happens. GSSAPITrustDns=yes in ssh_conf should also do the trick. You can decide where you want the canonicalization to occur, ssh or krb5. Bryan > > Bryan -- Bryan Mesich Sr. System Administrator DIGI-KEY ELECTRONICS 701 Brooks Ave. South Thief River Falls, MN 56701 USA [email protected] 218.681.8000 x6104 Powered by Linux 3.10.0-862.6.3.el7.x86_64 _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
