On 03/02/2012 10:38 AM, Ondrej Valousek wrote:
Ok, we have slipped away a bit. Now I agree with Craig.
We should be always using 'hostname --fqdn' instead of just 'hostname'.
The sssd parameter Stephen offered (ipa_hostname) seems to me bit
misleading. We should probably insist that hostname
On Fri, 2012-03-02 at 05:16 +0300, Craig T wrote:
Hi,
Server Side:
RHEL6.2
ipa-admintools-2.1.3-9.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-python-2.1.3-9.el6.x86_64
ipa-server-2.1.3-9.el6.x86_64
On Fri, 2012-03-02 at 08:10 -0500, Stephen Gallagher wrote:
On Fri, 2012-03-02 at 05:16 +0300, Craig T wrote:
Hi,
Server Side:
RHEL6.2
ipa-admintools-2.1.3-9.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
There are kerberized programs that expect to use gethostname() and use
that name to compose principals. If that name is not fully qualified
they will break.
Simo.
Normally, you should have both:
[root@ara tmp]# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
On Fri, 2012-03-02 at 15:21 +0100, Ondrej Valousek wrote:
There are kerberized programs that expect to use gethostname() and use
that name to compose principals. If that name is not fully qualified
they will break.
Simo.
Normally, you should have both:
[root@ara tmp]# klist -k
No, unless you can alias them in the KDC.
Our KDC can technically supports aliases now, but we haven't added these
kind of aliases yet to it. And it is a bit controversial on whether we
want to.
In A windows domain you simply cannot have client residing in a DNA
domain that is not the same as
On Fri, 2012-03-02 at 16:10 +0100, Ondrej Valousek wrote:
No, unless you can alias them in the KDC.
Our KDC can technically supports aliases now, but we haven't added these
kind of aliases yet to it. And it is a bit controversial on whether we
want to.
In A windows domain you simply