If Kerberos principal aliases are added to an entry, AS requests that do not request canonicalization receive back a CLIENT_NOT_FOUND error.
I tested this by adding a second principal with a different case to my IPA server host/ entry and also adding the canon name.
Example:
krbPrincipalName: host/server.example.com@EXAMPLE.COM
krbPrincipalName: HOST/server.example.com@EXAMPLE.COM
krbCanonicalName: host/server.example.com@EXAMPLE.COM

"kinit -kt /etc/krb5.keytab" fails
"kinit -C -kt /etc/krb5.keytab" succeeds
Both should succeed when using the default name.
Merge KDC LDAP components to one.
Metadata Update from @simo:
- Issue assigned to someone
- Issue set to the milestone: Future Releases