[37359] in Kerberos
Re: kprop with multiple or NATted IP address
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Wed Dec 23 16:13:44 2015
Date: Wed, 23 Dec 2015 16:13:21 -0500 (EST)
From: Benjamin Kaduk <kaduk@mit.edu>
To: Jerry Shipman <jes59@cornell.edu>
In-Reply-To: <1ADEB9DB-6522-4BDF-992C-E9E4B95F237B@cornell.edu>
Message-ID: <alpine.GSO.1.10.1512231612250.26829@multics.mit.edu>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED;
boundary="-559023410-971594542-1450905173=:26829"
Content-ID: <alpine.GSO.1.10.1512231613020.26829@multics.mit.edu>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Errors-To: kerberos-bounces@mit.edu
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
---559023410-971594542-1450905173=:26829
Content-Type: TEXT/PLAIN; charset=ISO-8859-7
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID: <alpine.GSO.1.10.1512231613021.26829@multics.mit.edu>
On Wed, 23 Dec 2015, Jerry Shipman wrote:
> I think that kpropd is trying to look up the hostname of the master in DN=
S, and seeing the public IP, instead of the private IP which the connection=
is coming from, and then aborting because of that mismatch (or something l=
ike that).
> On a lark I tried adding the master=A2s hostname with its private address=
to /etc/hosts on the slave, but it didn=A2t immediately seem to help.
Did you try setting rdns =3D false in the [libdefaults] of the krb5.conf on
both machines? (You did not specify which version(s) of krb5 were
involved; that features is somewhat new.)
-Ben
---559023410-971594542-1450905173=:26829
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
---559023410-971594542-1450905173=:26829--
