Monday, July 23, 2007

More Kerberos Puzzlers

Ok so when trying to kerberos enable another machine for ssh connections things were almost working (getting offered kerberos for authentication by sshd) but connections were always failing with the following error message in the logs:
Jul 17 12:33:46 machine sshd[5020]: debug1: An invalid name was supplied\nHostn
ame cannot be canonicalized\n
Now after looking through pages of google it seemed to be that there was something wrong with the hostname but looking on other machines they had very similar setups and were working correctly. The reason for this message was that I think that kerberos was using the hostname for kerberos and couldn't find an entry for the hostname in DNS. The reason it couldn't find a hostname was the there wasn't a search entry in /etc/resolv.conf specifying the domain to look in, adding search to /etc/resolv.conf fixed the problem and everything worked fine.

Hopefully this post might help someone else from scratching hole in their head. But it would have been much easier to debug if the invalid hostname was logged in the message.

1 comment:

marshyon said...


that was an entry that helped me a lot.

SSH connections were really slow for me from a test host today ( > 10 seconds )

I corrected my DNS settings in resolv.conf as you suggest.

Delays are gone, SSH connections are < a second