pam_krb5: Error Guessing Name of Local Host Principal

Question

When trying to log into a new box setup with pam_krb auth I get the following:

error guessing name of local host principal
TGTR failed verification using keytab: Hostname cannot be canonicalized

This sounds like a DNS verification error of some sort.. Assuming I am on the right track, does anyone know more specifically what it is failing to resolve (client, server, or auth server hostname, PTR lookup)?

score 4 · Accepted Answer · answered Apr 27 '12 at 19:57

4

Creating a DNS A record and PTR record for the server that was showing this error resolved the issue.

answered Apr 27 '12 at 19:57

Kyle Brandt

82,107
71
302
444

http://web.mit.edu/kerberos/www/krb5-latest/krb5-1.10.1/doc/krb5-admin.html#Getting-DNS-Information-Correct – 84104 Apr 27 '12 at 20:51

score 3 · Answer 2 · answered Oct 11 '13 at 16:32

3

Alternately, add

[appdefaults]
  validate = false

to /etc/krb5.conf (credit: http://www.linuxforums.org/forum/red-hat-fedora-linux/183923-rhel5-6-issues-ldap-krb5-authentication.html#post877263)

answered Oct 11 '13 at 16:32

fche

291
2
5

pam_krb5: Error Guessing Name of Local Host Principal

2 Answers2