Fixing “Wrong principal in request” in Kerberos 5

krb5_newrealm doesn’t seem to add enough lines to /etc/krb5.conf. To fix this, add the following lines to /etc/krb5.conf on all machines participating in the realm. My local realm is LAN, but substitute your own. The new lines will be in bold, the existing lines should already exist, if they don’t, add them.

[realms]
   LAN = {
     kdc = infinity.lan
     admin_server = infinity.lan
     default_domain = lan
   }

[domain_realm]
   .lan = LAN
   lan = LAN

All hosts/servers participating in the realm that offer Kerberized services should have a FQDN that ends in your realm’s domain name (.lan in my case).

Written by

Patrick McFarland

Open Source software architect and technologist. He's just this guy, you know? Follow him him on Google+.

Published in

Ad Terras Per Aspera

Transmissions from the Little Blue Marble

Published November 28th, 2012

Ad Terras Per Aspera

Fixing “Wrong principal in request” in Kerberos 5

Comments