On Oct 29, 2009, at 18:35, <[email protected]> wrote:
> Can I use capitalization in names used in kerberos domain?
> I am bumping into an issue when capital letters are used in domain
> but not in the hostname only.
> Details below.
> Needless to say all sorts of other authentication also fails.

The DNS is case-insensitive for comparing names (though sometimes case-preserving for returning data). But Kerberos needs to have a canonical way of constructing host-based principal names from host names, and it is specified that the lower-case form of the host name is used. So, you can create the principals, but unless you make a bunch of code changes -- and force anyone else who wants to authenticate to your hosts to do so too -- they're not likely to get used. (Some of the alias handling in 1.7 might make it easier to implement, but I still wouldn't recommend it.)

> [r...@nf-arktest-sto ~]# kinit -k /etc/krb5.keytab
> kinit(v5): Client not found in Kerberos database while getting
> initial credentials

That's a different problem. "-k" specifies that a keytab is to be used instead of asking for a password. It doesn't take a parameter; you use "-t type:keytabname" if you need to specify a keytab (e.g., "-t FILE:/etc/krb5.keytab"). So "/etc/krb5.keytab" is taken as the client principal name, and that almost certainly isn't in your database....

Ken
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
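
A check for the lower-case rule described in the reply above, as an added example that is not part of the original message and is not MIT krb5 code: it flags host-based principals whose host part a client applying that rule would never request. The function names, the list of host-based services and the sample principals are assumptions constructed for illustration; DNS canonicalization, realm mapping and escaped characters in principal names are not modelled.

```python
# Added illustration: models only the "lower-case form of the host name" rule.
# HOST_SERVICES and SAMPLE are constructed assumptions, not values from the thread.

HOST_SERVICES = ("host", "nfs", "HTTP", "ldap")  # assumed set of host-based services

SAMPLE = [  # constructed principal names, as they might be listed from a keytab
    "host/nfs01.Example.COM@EXAMPLE.COM",
    "host/nfs02.example.com@EXAMPLE.COM",
    "nfs/NFS01.example.com@EXAMPLE.COM",
    "alice@EXAMPLE.COM",
]


def host_principal(service, hostname, realm):
    """Build service/host@REALM using the lower-case form of the host name."""
    return f"{service}/{hostname.lower()}@{realm}"


def split_principal(principal):
    """Split 'primary/instance@REALM'; assumes no escaped '/' or '@'."""
    name, sep, realm = principal.rpartition("@")
    if not sep:  # no realm given
        name, realm = principal, ""
    primary, _, instance = name.partition("/")
    return primary, instance, realm


def audit_principals(principals, host_services=HOST_SERVICES):
    """Return (stored, expected) pairs for host-based principals whose host
    component is not already lower-case. The realm is left untouched."""
    findings = []
    for stored in principals:
        primary, instance, realm = split_principal(stored)
        if primary not in host_services or not instance:
            continue  # user principals and non-host services are skipped
        expected = host_principal(primary, instance, realm)
        if expected != stored:
            findings.append((stored, expected))
    return findings


if __name__ == "__main__":
    for stored, expected in audit_principals(SAMPLE):
        print(f"{stored}: clients will ask for {expected}")
```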
