Thanks Ralf, sadly things look OK to me. Did I typo something?? haha forward and reverse DNS are correct for this host (petey), too. As far as I can tell Kerberos stuff is set up as usual. root@petey:~# klist -k /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 libvirt/petey.mydomain.com@xxxxxxxxxxxxxxxx 2 libvirt/petey.mydomain.com@xxxxxxxxxxxxxxxx 2 libvirt/petey.mydomain.com@xxxxxxxxxxxxxxxx 2 libvirt/petey.mydomain.com@xxxxxxxxxxxxxxxx -adam On Wed, Jun 30, 2010 at 07:37, Ralf Hornik Mailings <ralf@xxxxxxxxxxxxxxxxx> wrote: > Adam Gray <adam@xxxxxxxxxxxxx> schreibte: > >> libvirt/my.fully.qualified.domain@xxxxxxxxxxxx (has a dash fwiw) and >> pointed SASL2 and libvirt at /etc/krb5.keytab > > What tells your KDC? > > Have a look at > > klist -t /etc/krb5.keytab > > and look whether the principals match (e.g LIBVIRT/domain is not equal > libvirt/domain > > Ralf > > >
