Service Principal Host Name Resolution
The KDC will not resolve the fully qualified host name (FQDN) correctly unless it resolves the host name passed from the client as the FQDN. This is true even if you specify the FQDN on the Configuration-By-Forms domain parameter (see domain Parameter--Specify Domain Name).
The FQDN is picked up from your network configuration (rather than the config.dat setting) when the Kerberos driver calls gss_init_sec_context(). Often the unqualified host name is passed to the KDC, and gss_init_sec_context() fails.
To ensure that the KDC can resolve the fully qualified host name:
UNIX and Linux:
Edit the local hosts file so that the FQDN, and not the alias, is the first entry for your local host. The file is /etc/hosts and often looks like this:
# Syntax:
#
# IP-Address Full-Qualified-Hostname Short-Hostname
#
127.0.0.1 localhost
nn.nn.nn.nn myhost.mydomain.com myhost
VMS:
Use the TCPIP utility:
$ tcpip
TCPIP> show hosts
LOCAL database
Host address Host name
127.0.0.1 localhost
nn.nn.nn.nn myhost.mydomain.com myhost
For details on configuration of the local hosts file, see your system administrator.
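For the UNIX and Linux step above, the following shell function is an added example (not part of the original documentation) that checks whether the hosts-file line for a host lists the FQDN ahead of the short alias. The function name, its exit codes, and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify that the hosts-file line for a host lists the FQDN
# first, ahead of the short alias. The function name and exit codes are this
# example's own choices, not part of any product.
# Usage: check_hosts_fqdn HOSTS_FILE SHORT_NAME
# Returns 0 = FQDN first, 1 = alias first, 2 = host not listed.
check_hosts_fqdn() {
    awk -v short="$2" '
        BEGIN { short = tolower(short) }
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # blank or address-only line
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                # match "myhost" or "myhost.<domain>"
                if (name == short || index(name, short ".") == 1) {
                    found = 1
                    if (index($2, ".") == 0) {
                        printf "BAD  line %d: first name \"%s\" is not fully qualified\n", NR, $2
                        bad = 1
                    } else {
                        printf "OK   line %d: first name \"%s\"\n", NR, $2
                    }
                    next
                }
            }
        }
        END {
            if (!found) { print "MISSING: no entry for " short; exit 2 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample files (192.0.2.10 is a documentation address).
tmp=$(mktemp -d)
printf '127.0.0.1 localhost\n192.0.2.10 myhost.mydomain.com myhost\n' > "$tmp/good"
printf '127.0.0.1 localhost\n192.0.2.10 myhost myhost.mydomain.com\n' > "$tmp/bad"
check_hosts_fqdn "$tmp/good" myhost    # FQDN is listed first
check_hosts_fqdn "$tmp/bad" myhost || echo "reorder the entry so the FQDN comes first"
```

To check a live system, run check_hosts_fqdn /etc/hosts with the machine's short host name as the second argument.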
Last modified date: 01/30/2023