> Does anyone know why certmonger is looking for a keytab for 
> host/det-webdl01@. instead of 
> host/host/det-webdl01.sub.example....@example.com?

In order to authenticate to the IPA server, the client software needs
credentials.  In order to obtain those credentials, it needs to figure
out the client system's principal name.  The function it uses to do this
derives that principal name by doing a lookup to discover the client
host's canonical name, and in this case that appears to be returning the
shorter name.

I'd check the result of running 'getent hosts `hostname`', and if
/etc/hosts has an entry for the hostname that lists the short version



/etc/hosts has both sort and FQDN.  I removed the sort and and resubmitted the 
certificate.  That resolved my issue.  should I completely remove the short 
name or is there a way to work around this?

Freeipa-users mailing list

Reply via email to