Ingres 11.0 | Service Principal Host Name Resolution

Security Guide > Security Guide > A. Configuring Ingres to Use Kerberos > Service Principal Host Name Resolution

Was this helpful?

Service Principal Host Name Resolution

The KDC will not resolve the fully qualified host name (FQDN) correctly (even though you specify it on the Configuration-By-Forms domain parameter (see domain Parameter--Specify Domain Name) unless it resolves the host name passed from the client as the FQDN.

The FQDN is picked up from your network configuration (rather than the config.dat setting) when the Kerberos driver calls gss.init.sec..context(). Often the unqualified host name is passed to the KDC, and gss.init.sec..context() fails.

To ensure that the KDC can resolve the fully qualified host name

UNIX and Linux:

Edit the local host file with the FQDN and not the alias for your local host as the first entry. The file is /etc/hosts and often looks like this:

# Syntax:

# IP-Address Full-Qualified-Hostname Short-Hostname

127.0.0.1 localhost

nn.nn.nn.nn myhost.mydomain.com myhost

VMS:

Use the TCPIP utility:

$ tcpip

TCPIP> show hosts

LOCAL database

Host address Host name

127.0.0.1 localhost

nn.nn.nn.nn myhost.mydomain.com myhost

For details on configuration of the local hosts file, see your system administrator.

Last modified date: 01/30/2023