Re: [modauthkerb] Re: No principal in keytab matches desired name
Brought to you by:
kouril
From: Achim G. <ac...@gr...> - 2006-02-17 19:24:08
|
On Friday 17 February 2006 20:09, Henry B. Hotz wrote: > On Feb 12, 2006, at 1:24 PM, Martijn Dekkers wrote: > > Achim Grolms <achim <at> grolmsnet.de> writes: > >> On Saturday 11 February 2006 18:19, Martijn Dekkers wrote: > >>> HTTP/sso.complinet.local <at> COMPLINET.LOCAL > > > > 3 HTTP/spnego.complinet.local@COMPLINET.LOCAL (DES cbc mode with > > RSA-MD5) > > sso != spnego > > Don't look like they match to me. > > The name you use must match what you get from a reverse lookup of the > IP number. Thats what I wrote. "nslookup spnego.complinet.local and nslookup resultingipaddress, send both back" > CNAME's and virtual hosts don't count. CNAMEs work if the name in keytab is the canonical hostname. Achim |