I have a program I am trying to set up which tries to authenticate with the
principal host\machine-FQDN@REALM using Kerberos.
However, when I run kinit -k, the machine isn't found in the Kerberos
The reason I think this question belongs here is I used realm join to
configure Kerberos, SSSD, and PAM automagically to work with an Active
Directory based domain controller. All my domain user accounts are able to
get tickets just fine, but the default Kerberos keytab cannot. From what I
have read, SSSD is responsible for being the glue between MIT Kerberos (what
Linux uses) and Microsoft Kerberos (which Active Directory uses).
I am just scratching my head here on how I can get access to the principal
used by the machine itself to get Kerberos tickets. Is there a good way to
go about this? Is SSSD responsible for this information, or is my domain
controller configured incorrectly for this kind of setup?
Show replies by date