>>>>> "Dennis" == Dennis Davis <[EMAIL PROTECTED]> writes:
Dennis> Well, I'm not concerned about obfuscating kerberos entries. I see
Dennis> the following log entry on my test server:
Dennis> Feb 03 13:45:09 ancho.bath.ac.uk krb5kdc[17597](info): AS_REQ (7 etypes
{18 17 16 23 1 3 2}) 138.38.32.80: SERVER_NOT_FOUND: ccsdhd/[EMAIL PROTECTED]
for kadmin/[EMAIL PROTECTED], Server not found in Kerberos database
Dennis> This looks wrong to me. It shouldn't be requesting the
Dennis> kadmin/[EMAIL PROTECTED] principal. That would be
Dennis> associated with the machine acting as the kerberos server. Instead
Dennis> it should be requesting the kadmin/[EMAIL PROTECTED] principal which
Dennis> is what the 1.3.6 kadmin client does. This would also tally up with
Dennis> the "Required KADM5 principal missing" message.
Ok, that is very useful information to have. The host-based kadmin
principal name was a 1.4 change for SEAM compatibility. It should
fall back to kadmin/admin but does not appear to at the moment. I'll
investigate further.
---Tom
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
