On Mar 19, 2009, at 12:45, matthew.garr...@external.total.com wrote: > DNS both forward and reverse work fine for the Slave KDC
By "work fine", do you mean that when you look up hutch.uk.ad.ep.corp.local you get an address (or more than one), and when you look up that address, you get back the name hutch.uk.ad.ep.corp.local? Or do you just mean you get a name back? In the default configuration of the MIT code, the name you get back from looking up the address is generally the name that'll be used in constructing a principal name. Does your config file or DNS data indicate that hutch.uk.ad.ep.corp.local is in UK.AD.EP.CORP.LOCAL? Check the log file on the KDC. It should indicate some kprop/* principal being looked up if the host name is coming out wrong, or possibly some krbtgt/* principal if it's coming up with the wrong realm name. Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
