Client and Service Principal Names

When using SEAM, it is preferable if DNS services are already configured and running on all hosts. If DNS is used, it must be enabled on all systems or on none of them. If DNS is available, then the principal should contain the Fully Qualified Domain Name (FQDN) of each host. For example, if the host name is boston, the DNS domain name is acme.com, and the realm name is ACME.COM, then the principal name for the host should be host/boston.acme.com@ACME.COM. The examples in this book use the FQDN for each host.

For the principal names which include the FQDN of an host, it is important to match the string describing the DNS domain name in /etc/resolv.conf. This string is case-sensitive. SEAM requires that the DNS domain name be in lower case letters, so only lower case letters are used when entering the FQDN for a principal.

SEAM can run without DNS services, but some key functionality, like the ability to communicate to other realms, will not work. If DNS is not configured, then a simple host name can be used as the instance name. In this case the principal would be host/boston@ACME.COM. If DNS is enabled later, all host principals must be deleted and replaced in the KDC database.