On 07/22/2013 04:26 PM, Rivet, Matt wrote:
>> Does anyone know why certmonger is looking for a keytab for 
>> host/det-webdl01@. instead of 
>> host/host/det-webdl01.sub.example....@example.com?
> In order to authenticate to the IPA server, the client software needs
> credentials.  In order to obtain those credentials, it needs to figure
> out the client system's principal name.  The function it uses to do this
> derives that principal name by doing a lookup to discover the client
> host's canonical name, and in this case that appears to be returning the
> shorter name.
> I'd check the result of running 'getent hosts `hostname`', and if
> /etc/hosts has an entry for the hostname that lists the short version
> first.
> HTH,
> Nalin
> /etc/hosts has both sort and FQDN.  I removed the sort and and resubmitted 
> the certificate.  That resolved my issue.  should I completely remove the 
> short name or is there a way to work around this?

/etc/hosts can have the short form, it just need to be specified _after_ the
FQDN one, i.e.:  ipa.example.com ipa


Freeipa-users mailing list

Reply via email to