Ex: RE: Using scoped attributes as the C14N subject

Paul B. Henson henson at cpp.edu
Wed Aug 17 03:51:23 UTC 2022

On Tue, Aug 16, 2022 at 08:10:06PM +0000, Wessel, Keith via users wrote:

> username to Shib for Kerberos authentication, but it always returns a
> Java "Cannot locate KDC" error, even if the part after the at-sign
> matches a realm or domain in krb5.conf.

Matches including case? Kerberos realms are case sensitive:

        EXAMPLE.COM = {
               kdc = kdc.example.com

$ kinit test at example.com
kinit: Cannot find KDC for realm "example.com" while getting initial

$ kinit test at EXAMPLE.COM
kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting
initial credentials

(The first one fails because of mismatched case, the second fails cause
obviously there's no actual kdc at kdc.example.com)

Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  henson at cpp.edu
California State Polytechnic University  |  Pomona CA 91768

More information about the users mailing list