[33345] in Kerberos
Re: Multiple hostnames with same IP address (DNS A record)
daemon@ATHENA.MIT.EDU (Brian Candler)
Wed Apr 27 14:02:50 2011
Date: Wed, 27 Apr 2011 19:02:38 +0100
From: Brian Candler <B.Candler@pobox.com>
To: petesea@bigfoot.com
Message-ID: <20110427180238.GA8524@talktalkplc.com>
In-Reply-To: <alpine.OSX.2.00.1104261123440.818@nikto-air>
Cc: kerberos@mit.edu
On Tue, Apr 26, 2011 at 12:41:31PM -0700, petesea@bigfoot.com wrote:
> $ host external.example.com
> external.example.com has address 1.2.3.4
>
> $ host internal.example.com
> internal.example.com has address 1.2.3.4
>
> $ host 1.2.3.4
> 4.3.2.1.in-addr.arpa domain name pointer external.example.com.
> 4.3.2.1.in-addr.arpa domain name pointer internal.example.com.
I suggest you try having only a single PTR record, to whatever is the
"primary" hostname.

However what you've done would be acceptable if the machine was multi-homed
(with two different IP addresses):
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#kerbdns

So I can't say for sure why it shouldn't work as you have it.
> There are "host" principals for both hostnames in /etc/krb5.keytab
Do they have the same key? (Again, it shouldn't matter when
GSSAPIStrictAcceptorCheck is no, but just a thought)
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos