Will Fiveash wrote: > On Wed, Oct 07, 2009 at 03:29:55PM -0500, Douglas E. Engert wrote: > >> Kyle McDonald wrote: >> >>> I've made all the tweaks suggested, and all the ones that I could think of, >>> and I'm still getting the same message. >>> This is SXCE sNVb123 in case that matters. >>> I've tried to capture all the info I think might matter below. Any ideas >>> where this is going wrong? I'm following p394-398 0f the Open Solaris >>> 'System Administration Guide: Security Services' Docutment. I can't get >>> past the bottom of p396. >>> >>>> root at keymaster:/etc/krb5# hostname >>>> >>>> >>>> keymaster >>>> >> For what it is worth, Kerberos usually want the hostname command to return >> the FQDN, rather then the short name. We always install a new system from >> the start using the FQDN. >> > > It shouldn't matter. Here inside Sun the norm is for hostname to be set > to the short form. > > Which is where I picked up the habit. ;) >> Looking at your DNS records, is kdc0 an alias for keymaster? >> Maybe you should just call the machine kdc0.releng.egenera.com >> and forget using keymaster or make it an alias for kdc0. >> > > Yeah, I didn't notice that. That could be the problem. The Docs I was reading actually suggest using an alias.
In my mind the question isn't whether you can have an alias setup, it's which name do you use in the config files? (and does the first [master right?] kdc= line have to have the same value as the admin_server= line?) > Again, the norm > is that the hostname command returns the short form of the canonical > hostname as returned by DNS. Which is true here too. Reverse lookups of either IP address return 'keymaster.releng.egenera.com.' > Well, at least one of the canonical > hostnames (if a system is multi-homed then it's going to be one of the > names). > > In my config DNS doesn't have separate hostnames per interface. Though /etc/hosts does in order to match the hostname.xyz0 files. Thanks again Guys! -Kyle
