I'm trying to kerborize my setup, and am fairly certain that I have the "basics" done (after only 5 hours! I can't understand why *more* people don't do this! argh). However, when I try to connect to my kdc from a client machine, it doesn't work. I have the keytabs setup, but I think I'm missing something (probably something obvious). The following is from my logs when connecting via ssh from .0.2 to .0.1 (client to server): May 20 00:14:47 bishop krb5kdc[8989](info): TGS_REQ (3 etypes {16 1 3}) 192.168.0.2(16416): UNKNOWN_SERVER: authtime 1053411007, david@BISHOP.DHS.ORG for krbtgt/DHS.ORG@BISHOP.DHS.ORG, Server not found in Kerberos database Now, two things to note: bishop.dhs.org trebles as my server name *and* my domain *and* (in uppercase, of course) my realm. Unfortunetly, that's just the way it goes in this odd free-domain-name spaces. (For those of you following my various posts, this is my personal setup, not my friends or my "real" servers. Assuming this goes alright, they're next). Now, why does it think that my client is coming in as DHS.ORG@BISHOP.DHS.ORG? Where do I tell it that I want it to declare itself as debian.bishop.dhs.org@BISHOP.DHS.ORG? Or, to save typing, debian@BISHOP.DHS.ORG? I can't see, and it's frankly too late for me to even be coherent (see the previous three paragraphs for proof!). Any pointers greatly appreciated, but not responded to until morning.... And of course, any clarifying information available upon request. David
Attachment:
pgpx_yXkDWMOE.pgp
Description: PGP signature