Thanks Ralf, sadly things look OK to me. Did I typo something?? haha forward and reverse DNS are correct for this host (petey), too. As far as I can tell Kerberos stuff is set up as usual. root@petey:~# klist -k /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 libvirt/petey.mydomain.com@MYDOMAIN-INC.COM 2 libvirt/petey.mydomain.com@MYDOMAIN-INC.COM 2 libvirt/petey.mydomain.com@MYDOMAIN-INC.COM 2 libvirt/petey.mydomain.com@MYDOMAIN-INC.COM -adam On Wed, Jun 30, 2010 at 07:37, Ralf Hornik Mailings <ralf@best.homeunix.org> wrote:
Adam Gray <adam@meebo-inc.com> schreibte:
libvirt/my.fully.qualified.domain@MY-REALM.COM (has a dash fwiw) and pointed SASL2 and libvirt at /etc/krb5.keytab
What tells your KDC?
Have a look at
klist -t /etc/krb5.keytab
and look whether the principals match (e.g LIBVIRT/domain is not equal libvirt/domain
Ralf