Security Guide > Security Guide > A. Configuring Ingres to Use Kerberos > Service Principal Host Name Resolution
Was this helpful?
Service Principal Host Name Resolution
The KDC will not resolve the fully qualified host name (FQDN) correctly (even though you specify it on the Configuration-By-Forms domain parameter (see domain Parameter--Specify Domain Name) unless it resolves the host name passed from the client as the FQDN.
The FQDN is picked up from your network configuration (rather than the config.dat setting) when the Kerberos driver calls gss.init.sec..context(). Often the unqualified host name is passed to the KDC, and gss.init.sec..context() fails.
To ensure that the KDC can resolve the fully qualified host name
UNIX and Linux:
Edit the local host file with the FQDN and not the alias for your local host as the first entry. The file is /etc/hosts and often looks like this:
# Syntax:
#
# IP-Address Full-Qualified-Hostname Short-Hostname
#
 
127.0.0.1 localhost
nn.nn.nn.nn myhost.mydomain.com myhost
VMS:
Use the TCPIP utility:
$ tcpip
 
TCPIP> show hosts
 
      LOCAL database
 
Host address Host name
 
127.0.0.1 localhost
nn.nn.nn.nn myhost.mydomain.com myhost
For details on configuration of the local hosts file, see your system administrator.
Last modified date: 08/28/2024