Bug 84749 - Use 'host/fqdn@REALM' instead of 'HOST/fqdn@REALM'
Status: RESOLVED FIXED
Product: realmd
Classification: Unclassified
Component: adcli
Version: unspecified
Hardware: Other All
Importance: medium normal
Assignee: Stef Walter
Reported: 2014-10-07 11:56 UTC by Stef Walter
Modified: 2015-09-29 15:47 UTC

Attachments
Use "host/fqdn@REALM" as default SPN instead of "HOST/fqdn@REALM" (1.04 KB, patch)
2014-10-07 11:58 UTC, Stef Walter

Description Stef Walter 2014-10-07 11:56:24 UTC
In adcli we should use 'host/fqdn@REALM' instead of 'HOST/fqdn@REALM' as one of our default SPNs. AD doesn't care much about case sensitivity but openssh sshd does.
Comment 1 Stef Walter 2014-10-07 11:58:41 UTC
Created attachment 107484
Use "host/fqdn@REALM" as default SPN instead of "HOST/fqdn@REALM"

Windows doesn't care, as it's mostly case insensitive, but sshd
does care here.
Comment 2 Stef Walter 2014-10-08 19:24:13 UTC
Attachment 107484 pushed as ec132a3 - Use "host/fqdn@REALM" as default SPN instead of "HOST/fqdn@REALM"
Comment 3 Stef Walter 2014-10-08 19:24:32 UTC
Double checked with Simo Sorce on IRC.
Comment 4 John Beranek 2015-09-29 15:28:48 UTC
[Apologies for commenting on an old, closed bug - let me know if an alternative path is preferable]

Just hit this bug by updating our CentOS 6 server build process to use adcli to join the AD domain.

Using the EPEL6 version of adcli 0.7.3, adcli builds a keytab with:

HOST/servername.example.com@EXAMPLE.COM

While SSSD works with this keytab, openssh-server does not work with GSSAPI login using it.

What would be required to get a fixed version of adcli released into EPEL6?

Would a new release (0.7.6) be possible, and would this be acceptable for EPEL6?
Comment 5 John Beranek 2015-09-29 15:47:09 UTC
Partially answered my own question, raised a bug in EPEL:

https://bugzilla.redhat.com/show_bug.cgi?id=1267319
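
An added example, not part of the bug thread or of adcli's code: a Python check that reads a keytab in the MIT version 0x0502 file format and reports principals that exist only in the `HOST/...` form this bug describes, with no exact-case `host/...` entry beside them. The sample keytab is constructed (all-zero keys), and `keytab_principals`, `uppercase_only_host_spns` and `build_entry` are hypothetical names.

```python
import struct

def _principal(entry):
    # Entry body: component count, then realm and components as counted strings.
    (count,) = struct.unpack_from(">H", entry, 0)
    pos, parts = 2, []
    for _ in range(count + 1):  # realm comes first, then the name components
        (n,) = struct.unpack_from(">H", entry, pos)
        parts.append(entry[pos + 2:pos + 2 + n].decode())
        pos += 2 + n
    return "/".join(parts[1:]) + "@" + parts[0]

def keytab_principals(data):
    """Return the principal of every live entry in a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, names = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:  # a negative size marks a deleted entry (hole): skip it
            names.append(_principal(data[pos:pos + size]))
        pos += abs(size)
    return names

def uppercase_only_host_spns(principals):
    """Flag 'HOST/...' style principals that lack an exact-case 'host/...' twin."""
    present, flagged = set(principals), []
    for p in sorted(present):
        service, sep, rest = p.partition("/")
        wrong_case = service != "host" and service.lower() == "host"
        if sep and wrong_case and "host/" + rest not in present:
            flagged.append(p)
    return flagged

def build_entry(principal, kvno=2, etype=18, key=b"\x00" * 32):
    """Build one constructed keytab entry (sample data with an all-zero key)."""
    name, realm = principal.rsplit("@", 1)
    parts = [realm.encode()] + [c.encode() for c in name.split("/")]
    body = struct.pack(">H", len(parts) - 1)
    body += b"".join(struct.pack(">H", len(p)) + p for p in parts)
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample keytab; the first principal is the one quoted in comment 4.
SAMPLE_KEYTAB = b"\x05\x02" + b"".join(build_entry(p) for p in (
    "HOST/servername.example.com@EXAMPLE.COM", "SERVERNAME$@EXAMPLE.COM",
    "HOST/other.example.com@EXAMPLE.COM", "host/other.example.com@EXAMPLE.COM"))
```

To check a real host, pass the bytes of its keytab file to `keytab_principals` and feed the result to `uppercase_only_host_spns`; an empty list means every `HOST/` entry has a lowercase counterpart.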

