Service Principal Host Name Resolution
The KDC will not resolve the fully qualified host name (FQDN) correctly (even though you specify it on the Configuration-By-Forms
domain parameter (see
domain Parameter--Specify Domain Name) unless it resolves the host name passed from the client as the FQDN.
The FQDN is picked up from your network configuration (rather than the config.dat setting) when the Kerberos driver calls gss.init.sec..context(). Often the unqualified host name is passed to the KDC, and gss.init.sec..context() fails.
To ensure that the KDC can resolve the fully qualified host name
In the Linux environment, edit the local host file with the FQDN and not the alias for your local host as the first entry. The file is /etc/hosts and often looks like this:
# Syntax:
#
# IP-Address Full-Qualified-Hostname Short-Hostname
#
127.0.0.1 localhost
nn.nn.nn.nn myhost.mydomain.com myhost