当我klist
通过 ssh 连接到使用 Kerberos 的实例后运行一个时,我获得了主体的 TGS host/vmtest001
,但是,为什么我会得到两个 TGS,其中一个在分隔符后没有 REALM @
?
以下是输出klist
:
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: [email protected]
Valid starting Expires Service principal
06/13/21 21:05:00 06/14/21 07:05:00 krbtgt/[email protected]
renew until 06/14/21 21:04:59
06/13/21 21:05:03 06/14/21 07:05:00 host/vmtest001@
renew until 06/14/21 21:04:59
06/13/21 21:05:03 06/14/21 07:05:00 host/[email protected]
renew until 06/14/21 21:04:59
答案1
将其添加到您的/etc/krb5.conf
明确定义领域的域中:
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM