I'm fairly new to UNIX-land, and one of my first assigned tasks was to try to set up Kerberos authentication on an unused partition. Hopefully everything makes sense, but please let me know if any clarification is needed with any of it.
AIX 7.1, and while I found various docs on the subject, a lot of them are different. That said, I've tried various methods without success. As it sits, the packages are installed, the krb5.conf file is populated with the usual info, the new keytab is merged with krb5.keytab, I've tried various enctypes (based on different docs) etc. When I do anything at all, the logs remain empty, although they exist.
When I try to generate a ticket, below is the result.
#/usr/krb5/bin/kinit PassLine@HDQ.123.COM
Password for PassLine@HDQ.123.COM:
root@ unused01 /etc
#/usr/krb5/bin/klist
Ticket cache: FILE:/var/krb5/security/creds/krb5cc_0
Default principal: PassLine@HDQ.123.COM
Valid starting Expires Service principal
10/21/13 11:21:52 10/21/13 21:22:10 krbtgt/HDQ.123.COM@HDQ.123.COM
Renew until 10/21/13 21:21:52
root@ unused01 /etc
#/usr/krb5/bin/kinit PassLine@LDAP.123.COM
Unable to obtain initial credentials.
Status 0x96c73adc - Cannot resolve network address for KDC in requested realm.
When I created a user and set authentication methods to KRB5files, I wasn't able to log in. The server is on ABC.123.com and it only seems to be able to hit HDQ.123.com (kinit fails against all domains except HDQ.) The AD admins asked me to use the LDAP.123.com alias.
I don't know if perhaps this is an issue with /etc/resolv.conf or if I have something outright wrong elsewhere.
Let me know what information is needed, and I'll provide it. I suppose I didn't want to clutter the OP with "unnecessary" config files and such, but will certainly post anything needed.
Thanks!