Hi Alexander,


Thanks for explaining how gethostname() works.  At least armed with this
information I can make a case to the powers that be why we need to make a
change like this.

So does this mean that all servers should have a fqdn in /etc/hostname or
in the case of RHEL6 setting the HOSTNAME variable in

Thanks a ton for your help!

Best Regards,
Jon A

On Wed, Jan 27, 2016 at 3:16 PM, Alexander Bokovoy <aboko...@redhat.com>

> On Wed, 27 Jan 2016, Jon wrote:
>> Hi Alexander,
>> I've changed the names to anonymize the logs, but have maintained the
>> structure of the names.
>> This is how I've got the hostname configured:
>> [root@freeipaserver ~]# hostname
>>>> freeipaserver
>>>> [root@freeipaserver ~]# hostname -a
>>>> freeipaserver
>>>> [root@freeipaserver ~]# hostname -f
>>>> freeipaserver.my.sub.domain.com
>>>> [root@freeipaserver ~]# cat /etc/hosts
>>>>   localhost localhost.localdomain localhost4
>>> localhost4.localdomain4
>>> ::1         localhost localhost.localdomain localhost6
>>> localhost6.localdomain6
>>>> freeipaserver.my.sub.domain.com freeipaserver
>>>> [root@freeipaserver ~]# cat /etc/sysconfig/network
>>>> DNS1=
>>>> NISDOMAIN=my.sub.domain.com
>>>> SEARCH=my.sub.domain.com
>>>> DOMAIN=my.sub.domain.com
>> (NISDOMAIN and DOMAIN were previous attempts to set the domain.  I can't
>> just set /etc/hostname to "freeipaserver" as a bash prompt that says [
>> r...@freeipaserver.my.sub.domain.com ~] is unacceptable to our ops teams,
>> and we can't rewrite our bashrcs (these are company standards).  However,
>> based on the instructions, I do believe I've set the hostname correctly
>> unless something has changed between RHEL6 and RHEL7).
> So this is not going to work, sorry.
> One way or another, Kerberos requires you to have uniform names, so
> freeipaserver and freeipaserver.my.sub.domain.com are different names
> and thus cifs/freeipaserver@REALM and
> cifs/freeipaserver.my.sub.domain.com@REALM
> are two different Kerberos principals. FreeIPA KDC does not support
> aliases.
> Almost all software using Kerberos is retrieving hostname using
> gethostname() call which, in turn, uses uname() system call and copies
> hostname from a nodename element of the returned structure. There is no
> code that complements nodename with default domain or something, so
> that output has to be fully qualified or ALL hosts in your deployment
> would need to non-fully qualified.
> `hostname` output is essentially giving you what uname() returns in
> nodename, while `hostname -f` appends default domain to it.
> Company standards may be important but in this case your bashrc code is
> clearly based on something that is not really taking Kerberos reality
> into account.
> --
> / Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to