Hello, I have a program I am trying to set up which tries to authenticate with the principal host\machine-FQDN@REALM using Kerberos.
However, when I run kinit -k, the machine isn't found in the Kerberos database. The reason I think this question belongs here is I used realm join to configure Kerberos, SSSD, and PAM automagically to work with an Active Directory based domain controller. All my domain user accounts are able to get tickets just fine, but the default Kerberos keytab cannot. From what I have read, SSSD is responsible for being the glue between MIT Kerberos (what Linux uses) and Microsoft Kerberos (which Active Directory uses). I am just scratching my head here on how I can get access to the principal used by the machine itself to get Kerberos tickets. Is there a good way to go about this? Is SSSD responsible for this information, or is my domain controller configured incorrectly for this kind of setup? Thank you, Wes Public Content
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
