On Wed, Jul 29, 2020 at 8:24 PM Wesley Taylor <[email protected]> wrote:

> I have a program I am trying to set up which tries to authenticate
> with the principal host\machine-FQDN@REALM using Kerberos.
>
> However, when I run kinit -k, the machine isn't found in the Kerberos
> database.

"kinit -k" (with no arguments) defaults to attempting to obtain a TGT
for (e.g.) host/[email protected], which only works if
you set userPrincipalName to host/[email protected]
when you joined the host to Active Directory.

Running "kinit -k MYMACHINE\$" (that is, using the value of the
sAMAccountName attribute as the argument to "kinit -k") should always
work.

> From what I have read, SSSD is responsible for being the glue
> between MIT Kerberos (what Linux uses) and Microsoft Kerberos (which
> Active Directory uses).

This has nothing to do with sssd; it's all about setting
userPrincipalName correctly when you join the host to AD if you want
"kinit -k" (with no arguments) to work.
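As an added example (not part of the original message): a shell helper that reads `klist -k` output, picks the keytab entry named after sAMAccountName (`NAME$@REALM`), and passes it to `kinit -k`, the form the reply says should always work. The function names, the default keytab path and the sample listing are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Constructed sample of `klist -k` output for an AD-joined host
# (host name and realm are made up).
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/mymachine.example.com@EXAMPLE.COM
   2 host/MYMACHINE@EXAMPLE.COM
   2 MYMACHINE$@EXAMPLE.COM
   2 MYMACHINE$@EXAMPLE.COM'

# Read `klist -k` output on stdin and print the first principal of the form
# NAME$@REALM (no "/" component), i.e. the machine account's sAMAccountName.
# Exits non-zero if the keytab has no such entry.
machine_principal() {
    awk '
        # Entry lines are "<kvno> <principal>"; header lines do not start
        # with a number and are skipped.
        $1 ~ /^[0-9]+$/ && $2 !~ /\// && $2 ~ /^[^@]+\$@[^@]+$/ {
            print $2; found = 1; exit
        }
        END { exit(found ? 0 : 1) }
    '
}

# Obtain a TGT as the machine account, independent of userPrincipalName.
# $1 is the keytab path (assumed default: /etc/krb5.keytab).
kinit_machine() {
    keytab=${1:-/etc/krb5.keytab}
    princ=$(klist -k "$keytab" | machine_principal) || {
        echo "no NAME\$@REALM entry in $keytab" >&2
        return 1
    }
    # When typing this by hand, quote or escape the "$": kinit -k 'MYMACHINE$'
    kinit -k -t "$keytab" "$princ"
}
```

Running `kinit_machine` as root followed by `klist` shows whether a TGT was issued for the machine account.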