Hi Monica, and interest,
Kprop and supporting functions seem to be architected to lowercase the
'host/principal' name in this case.
Kprop makes a call to get_tickets() where the principal names for the propagation
are constructed. In the ensuing call to krb5_sname_to_principal(), the
yourhost.yourdomain name string is discovered and used to construct the
[EMAIL PROTECTED] principal name.
krb5_sname_to_principal() will lowercase every character in the
yourhost.yourdomain string.
One workaround for this behavior might be to create your host/node.domain@REALM
principal using lowercase letters for host/node.domain. Your tcpip configuration
might also be modified to define appropriate case-sensitive alias node names (as you
did) to allow both upper and lowercase node name use for other needs (if you need
both). You'll have to experiment, I am sure, to get this as you need it for your
particular environment and its needs.
One last note, depending on your TCPIP configuration, the calls to gethostname()
[from within krb5_sname_to_principal()], made to discover your local host name, may
not return the domain part of your local hostname. If that host name is your master
KDC from which propagation is being done, and you have added the host/node entry
principal using its domain, you will get errors from KPROP that says "client not
found". I suspect that if you mis-typed the slave hostname without its domain on the
kprop command line that you would see the same problem, but this is easier to detect
than the first case.
Sincerely,
Al Jamison
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
