On 05/28/2013 12:19 AM, kannan rbk wrote: > I think i am little short on the problem. Thanks for your useful > debugging info. I am trying to connect the host "kannan" but in kerberos > log it tries to connect "dineshbabu".
When we convert a hostname to a Kerberos principal, we canonicalize the hostname using name resolution: first by performing a forward lookup, and then by performing a reverse lookup of the resulting address. Here is an example: $ host ptr-mismatch.kerberos.org ptr-mismatch.kerberos.org is an alias for www.kerberos.org. www.kerberos.org has address 18.9.62.44 $ host 18.9.62.44 44.62.9.18.in-addr.arpa domain name pointer KERBEROS-ORG.MIT.EDU. $ kvno -S host ptr-mismatch.kerberos.org host/[email protected]: kvno = 4 It seems that on your network, "kannan" canonicalizes to "dineshbabu" according to this process. It is possible to suppress the reverse lookup by setting "rdns = false" in the [libdefaults] section of krb5.conf. Unfortunately, this doesn't always work on Linux due to a libc bug. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
