adcli creates wrong kerberos keytab entry with uppercase HOST

Solution Verified - Updated -


When joining a RHEL7 server to a Microsoft Active Directory with the adcli command, the kerberos keytab file with the corresponding service principals is created incorrectly. Connecting e.g. using SSH with Kerberos GSSAPI fails:

# ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=gssapi-with-mic
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

This is the generated entry:


But it works only with service principal entrys like this in the kerberos key tab file:


This seems to be a lower/upper-case problem of the service part of the service principal in the kerberos keytab file.


  • Red Hat Enterprise Linux 7
  • Active Direcotry

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content