| From | Stefan Kania <stefan@kania-online.de> |
|---|---|
| Newsgroups | comp.protocols.kerberos |
| Subject | Re: spn alias |
| Date | 2025-03-09 16:57 +0100 |
| Organization | Stefan Kania |
| Message-ID | <mailman.173.1741535851.2322.kerberos@mit.edu> |
| References | (2 earlier) <CALF+FNwB=07CbW5Do4E+C-C6D8T3bXhUX4PMHbkdnwGT9ewXfw@mail.gmail.com> <202503070110.5271AcT0029382@hedwig.cmf.nrl.navy.mil> <6893835c-f79b-4e13-bb25-9c872b5e77b1@kania-online.de> <202503082023.528KNT2H018323@hedwig.cmf.nrl.navy.mil> <6e7cdf29-47ee-4ef8-b5bf-40d1bef219ac@kania-online.de> |
On 08.03.25 at 21:23, Ken Hornstein wrote:
>>> If you are using MIT Kerberos (anything 1.10 or newer) on the
>>> LDAP server, you can use the krb5.conf configuration entry
>>> "ignore_acceptor_hostname" to allow the server to match on any valid
>>> hostname. See details here:
>>
>> Hi Ken,
>>
>> that did it. Thank you. Now we get the ticket through the loadbalancer.
>> But OpenLDAP is complaining about the name of the principal is not
>> matching the fqd. We now will go the way without the load balancer. We
>> will use SRV-records.
>
> Hm, _OpenLDAP_ is complaining? Are you sure? Like, how does it even know?
> Exactly what error are you getting?
>
> --Ken

KRB5_TRACE=/dev/stdout kinit <principal>

is showing that I connect to the LDAP-Server and the LDAP-server is responding and sending me a service-ticket I can see with "klist". But then I got an err=49 from the LDAP-Server. I can see it in the log of the LDAP-Server.
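
Added example, not part of the original thread: to answer "exactly what error are you getting?", each err=49 result in the slapd log has to be tied back to its BIND line (SASL or simple) and its text= field. The sketch below does that for OpenLDAP stats-level log lines; the sample log, host names and addresses are constructed, and the function name is hypothetical.

```python
import re

# Constructed slapd stats-level log lines (not taken from the thread).
SAMPLE_LOG = """\
Mar  9 16:40:01 ldap1 slapd[812]: conn=1041 fd=14 ACCEPT from IP=192.0.2.10:51514 (IP=0.0.0.0:389)
Mar  9 16:40:01 ldap1 slapd[812]: conn=1041 op=0 BIND dn="" method=163
Mar  9 16:40:01 ldap1 slapd[812]: conn=1041 op=0 RESULT tag=97 err=49 text=SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
Mar  9 16:40:05 ldap1 slapd[812]: conn=1042 fd=15 ACCEPT from IP=192.0.2.11:40022 (IP=0.0.0.0:389)
Mar  9 16:40:05 ldap1 slapd[812]: conn=1042 op=0 BIND dn="cn=app,dc=example,dc=net" method=128
Mar  9 16:40:05 ldap1 slapd[812]: conn=1042 op=0 RESULT tag=97 err=49 qtime=0.000008 etime=0.000120 text=
Mar  9 16:40:09 ldap1 slapd[812]: conn=1043 op=0 BIND dn="" method=163
Mar  9 16:40:09 ldap1 slapd[812]: conn=1043 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+)")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
# qtime/etime appear only in newer slapd releases, so they are optional here.
RESULT = re.compile(
    r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)(?: qtime=\S+ etime=\S+)? text=(.*)$")
BIND_METHODS = {128: "simple", 163: "SASL"}  # LDAP bind method codes logged by slapd


def failed_binds(log_text):
    """Return one record per bind that ended in err=49 (invalidCredentials)."""
    peers, binds, failures = {}, {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peers[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            binds[(m.group(1), m.group(2))] = (m.group(3), int(m.group(4)))
        elif (m := RESULT.search(line)) and m.group(3) == "49":
            dn, method = binds.get((m.group(1), m.group(2)), ("", None))
            failures.append({
                "conn": int(m.group(1)),
                "peer": peers.get(m.group(1), "unknown"),
                "mechanism": BIND_METHODS.get(method, "unknown"),
                "dn": dn,
                "text": m.group(4).strip(),  # SASL/GSSAPI detail, if slapd logged one
            })
    return failures


if __name__ == "__main__":
    for f in failed_binds(SAMPLE_LOG):
        print(f"conn={f['conn']} peer={f['peer']} {f['mechanism']} bind: {f['text'] or '(no text)'}")
```

The text= field on a SASL bind failure is what distinguishes a GSSAPI acceptor-side rejection from an ordinary wrong-password simple bind, which both surface to the client as err=49.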