# Kerberos



> Mental note to self

Having a host listed in a `listprincs` output isn't enough to
have single-sign-on working.

You have explicitly add it with `ktadd host/your.host.com`

So in my case:

    # kdadmin.local
    ....
    kadmin.local:  addprinc -randkey host/charm.atoom.net
    ...
    kadmin.local:  quit

And then you can do a (on *charm.atoom.net*):

    % kinit
    Password for miekg@ATOOM.NET: 
    % slogin elektron.atoom.net

And have a password-less login to my server.