How to replace the domain during login, the kerberos on centos?

Welcome!

Custom domain authorization for CentOS 6.10.
Our domain is: very.long.domain.name. For simplicity, for users is configured ' authorization form username@company.name.

Authorization works great for very.long.domain.name:
#kinit UserName@VERY.LONG.DOMAIN.NAME
or easier
#kinit UserName

However
#kinit username@company.name
returns
kinit: Realm not local to KDC while getting initial credentials.


the keytab create command:
ktpass -out file.keytab -princ HTTP/company.name@VERY.LONG.DOMAIN.NAME -mapuser UDUSER@VERY.LONG.DOMAIN.NAME -mapOp set-pass ******* -ptype KRB5_NT_PRINCIPAL -crypto AES256-SHA1

Our configuration
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = VERY.LONG.DOMAIN.NAME 
default_keytab_name = FILE:/opt/config/file.keytab 
dns_lookup_realm = true 
dns_lookup_kdc = true 
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
VERY.LONG.DOMAIN.NAME = {
default_domain = company.name 
kdc = kdc01.very.long.domain.name
kdc = kdc02.very.long.domain.name
kdc = kdc03.very.long.domain.name
admin_server = adminserver.very.long.domain.name
}

[domain_realm] 
.VERY.LONG.DOMAIN.NAME = VERY.LONG.DOMAIN.NAME 
VERY.LONG.DOMAIN.NAME = VERY.LONG.DOMAIN.NAME 
.very.long.domain.name = VERY.LONG.DOMAIN.NAME 
very.long.domain.name = VERY.LONG.DOMAIN.NAME 
.company.name = VERY.LONG.DOMAIN.NAME 
company.name = VERY.LONG.DOMAIN.NAME
0 answer

Find more questions by tags KerberosCentOSRed Hat Enterprise LinuxActive DirectoryLinux