adcli creates wrong kerberos keytab entry with uppercase HOST
Issue
When joining a RHEL7 server to a Microsoft Active Directory with the adcli command, the kerberos keytab file with the corresponding service principals is created incorrectly. Connecting e.g. using SSH with Kerberos GSSAPI fails:
# ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=gssapi-with-mic root@host.mydomain.com
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
This is the generated entry:
HOST/host.mydomain.com@MYDOMAIN.COM
But it works only with service principal entrys like this in the kerberos key tab file:
host/host.mydomain.com@MYDOMAIN.COM
This seems to be a lower/upper-case problem of the service part of the service principal in the kerberos keytab file.
Environment
- Red Hat Enterprise Linux 7
- Active Direcotry
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.