Hello,
I have a program I am trying to set up which tries to authenticate with the principal host\machine-FQDN@REALM using Kerberos.
However, when I run kinit -k, the machine isn't found in the Kerberos database.
The reason I think this question belongs here is I used realm join to configure Kerberos, SSSD, and PAM automagically to work with an Active Directory based domain controller. All my domain user accounts are able to get tickets just fine, but the default Kerberos keytab cannot. From what I have read, SSSD is responsible for being the glue between MIT Kerberos (what Linux uses) and Microsoft Kerberos (which Active Directory uses).
I am just scratching my head here on how I can get access to the principal used by the machine itself to get Kerberos tickets. Is there a good way to go about this? Is SSSD responsible for this information, or is my domain controller configured incorrectly for this kind of setup?
Thank you, Wes
Public Content
sssd-users@lists.fedorahosted.org