Thanks for the suggestion! I was using the stock version of SSH, after installing the Centrify-enhansed version of SSH I was able to sucessfully logon to the RHEL instance using the UPN.
Using the stock version of SSH on RHEL:
Using Kerberos authentication Using principal username@CHILD.DOMAIN.ME Got host ticket host/servername.child.domain.me@CHILD.DOMAIN.ME login as username@CHILD.DOMAIN.ME Kerberos authentication failed. Please check 1) Unix login name is correct 2) Target service principal name is correct 3) Kerberos authentication is enabled in SSH server 4) Clock in the host is syncrhonized with the clock in AD
Using the Centrify-enhanced version of SSH
Using Kerberos authentication Using principal username@CHILD.DOMAIN.ME Got host ticket host/servername.child.domain.me@CHILD.DOMAIN.ME login as username@CHILD.DOMAIN.ME Successful Kerberos connection S Kernel 3.10.0-327.el7.x86_64 on an x86_64 Created home directory [username@servername ~]$
After I uninstall this version of SSH, I can still logon using the UPN for the existing user but any other user who hasn't logged yet still gets the error. I'm curious as to if there's anything we can do to configure the stock version of SSH to allow logon via the UPN, but unless anyone knows of a quick fix I'll just let it go.
Thanks for your help!