(Illustration by Gaich Muramatsu)
Greetings all:

>> Please feel free to make the assumption that I have false
>> understandings. If "KERBEROS.REALM" is stated, but from syntax it
>> should be "coda.realm", please correct me.
>
> Yes, it should be "codaaccount_at_coda.realm", not otherwise.

Ok, I tried changing the clog to:

[root_at_sandbox3 ~]# clog \
    -method kerberos5 coda_admin_user_at_coda.realm \
    -tokenserver sandbox2.host.domain 370 \
    -krealm KERBEROS.REALM \
    -kdc sandbox2.host.domain \
    -servprinc coda/coda.realm

Basically, the method user_at_realm was changed to the coda realm from the kerberos realm. Also, the servprinc was changed to the coda.realm from sandbox2.host.domain.

Does this appear sane?

Key points in this email:

*) The only keytab used by coda inherently is on coda server hosts: /vice/db/krb5.keytab
*) The keytab need only maintain the service principal for: codaauth/coda.realm_at_KERBEROS.REALM

The discourse on host/ vs coda/ vs codaauth/ ended with a misunderstanding. This subject is not important, please disregard.

The discourse on coda/kerberos auth related definitions and "kerberos basics" also ended in misunderstanding. It may also be disregarded.

Regards,
-Don

Received on 2010-01-20 21:07:14