When I run the command kadmin.local -q "addprinc admin/admin", it adds the realm to the end of the user. So admin/admin becomes admin/[email protected].
This is what I ran. Any suggestions would be awesome.
root@directory:~# kadmin.local -q "addprinc admin/admin"
Authenticating as principal root/[email protected] with password.
WARNING: no policy specified for admin/[email protected]; defaulting to no policy
Enter password for principal "admin/[email protected]":
Re-enter password for principal "admin/[email protected]":
Principal "admin/[email protected]" created.
root@directory:~# kadmin.local -q "addprinc -randkey kadmin/directory.lbox.com"
Authenticating as principal root/[email protected] with password.
WARNING: no policy specified for kadmin/[email protected]; defaulting to no policy
add_principal: Principal or policy already exists while creating "kadmin/[email protected]".
root@directory:~# /etc/init.d/krb5-admin-server restart
This is expected behavior and is necessary. Kerberos principals don't exist in the void but always have a realm. It is conventional that Kerberos realms be uppercase versions of the domain they correspond with, but this is not required. You may include whatever realms you wish in your KDC's database(s). The trick is making sure the authentication requests make it to the appropriate location(s).
(A ticket may be anonymous, but that's a whole different topic.)
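
The behaviour described in the answer above, as an added example that is not part of the original posts: a simplified Python model of how a principal name given without a realm gets the default realm appended, while a name that already carries one is left alone. `EXAMPLE.COM` is a constructed placeholder realm, and `parse_principal` and `canonical` are hypothetical helper names, not functions of any Kerberos library.

```python
def parse_principal(name, default_realm):
    """Split a principal string into (components, realm).

    Simplified model: '/' separates components, the first unescaped '@'
    starts the realm, and a backslash makes the next character literal.
    """
    components, current, realm = [], [], None
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":
            if i + 1 == len(name):
                raise ValueError("trailing backslash")
            current.append(name[i + 1])
            i += 2
            continue
        if ch == "/":
            if realm is not None:
                raise ValueError("'/' is not allowed inside the realm")
            components.append("".join(current))
            current = []
        elif ch == "@":
            if realm is not None:
                raise ValueError("more than one unescaped '@'")
            components.append("".join(current))
            current, realm = [], ""
        else:
            current.append(ch)
        i += 1
    if realm is None:
        # No realm given: this is the case from the question.
        components.append("".join(current))
        return components, default_realm
    if not current:
        raise ValueError("empty realm after '@'")
    return components, "".join(current)


def canonical(name, default_realm):
    """Return the fully qualified form, re-escaping special characters."""
    esc = lambda s: "".join("\\" + c if c in "\\/@" else c for c in s)
    components, realm = parse_principal(name, default_realm)
    return "/".join(esc(c) for c in components) + "@" + esc(realm)


if __name__ == "__main__":
    # EXAMPLE.COM is a constructed placeholder realm.
    for n in ("admin/admin", "kadmin/directory.lbox.com", "admin/admin@OTHER.REALM"):
        print(n, "->", canonical(n, "EXAMPLE.COM"))
```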