Hi Glenn, Greg,
Thanks for your input.
I’ve now done some debugging with Wireshark and found what I believe to be
the smoking gun:
So it looks like the client is sending
oc-10-252-134-51.nat-ucfc2z3b.usdv1.mycloud.com
as the SnameString (presumably the SPN), when it should be sending:
d59407.
On 05/15/2017 06:43 AM, Matt Darwin wrote:
> So it looks like the client is sending
>
> oc-10-252-134-51.nat-ucfc2z3b.usdv1.mycloud.com
>
> as the SnameString (presumably the SPN), when it should be sending:
>
> d59407.ddapoc.ucfc2z3b.usdv1.mycloud.com
I don't appear to have access to your DNS
I would work to get forward/reverse DNS consistent rather than attempting
to configure around this.
But for reference's sake, the JGSS catalogs its supported settings is here:
"Supported krb5.conf Settings"
http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/jgss-api-mechanism.html
