| Summary: | Use 'host/fqdn@REALM' instead of 'HOST/fqdn@REALM' | ||
|---|---|---|---|
| Product: | realmd | Reporter: | Stef Walter <stefw> |
| Component: | adcli | Assignee: | Stef Walter <stefw> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | medium | CC: | john, stefw |
| Version: | unspecified | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
| Attachments: | Use "host/fqdn@REALM" as default SPN instead of "HOST/fqdn@REALM" | ||
|
Description
Stef Walter
2014-10-07 11:56:24 UTC
Created attachment 107484 [details] [review] Use "host/fqdn@REALM" as default SPN instead of "HOST/fqdn@REALM" Windows doesn't care, as it's mostly case insensitive, but sshd does care here. Attachment 107484 [details] pushed as ec132a3 - Use "host/fqdn@REALM" as default SPN instead of "HOST/fqdn@REALM"
Double checked with Simo Sorce on IRC. [Apologies for commenting on a old, closed bug - let me know if an alternative path is preferable] Just hit this bug by updating our CentOS 6 server build process to use adcli to join the AD domain. Using the EPEL6 version of adcli 0.7.3, adcli builds a keytab with: HOST/servername.example.com@EXAMPLE.COM While SSSD works with this keytab, openssh-server does not work with GSSAPI login using it. What would be required to get a fixed version of adcli released into EPEL6? Would a new release (0.7.6) be possible, and would this be acceptable for EPEL6? Partially answered my own question, raised a bug in EPEL: https://bugzilla.redhat.com/show_bug.cgi?id=1267319 |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.