[33347] in Kerberos
Re: Multiple hostnames with same IP address (DNS A record)
daemon@ATHENA.MIT.EDU (petesea@bigfoot.com)
Wed Apr 27 15:18:07 2011
Date: Wed, 27 Apr 2011 12:18:00 -0700 (PDT)
From: petesea@bigfoot.com
To: kerberos@mit.edu
In-Reply-To: <20110427180238.GA8524@talktalkplc.com>
Message-ID: <alpine.OSX.2.00.1104271133540.782@nikto-air>

On Wed, 27 Apr 2011, Brian Candler wrote:

> I suggest you try having only a single PTR record, to whatever is
> the "primary" hostname.
>
> However what you've done would be acceptable if the machine was
> multi-homed (with two different IP addresses):

Yes... both are possible options. Unfortunately I don't control the DNS
and I'm told the DNS is "correct". I'm trying to convince those that
control the DNS something needs to change, but that's really just a
work-around. It's not addressing my real question...

I'm trying to understand WHY this doesn't work given the current
situation, i.e., 2 hostnames and 1 IP address.

If it works from an OS X client, why doesn't it work from a Linux client?

> > There are "host" principals for both hostnames in /etc/krb5.keytab
>
> Do they have the same key? (Again, it shouldn't matter when
> GSSAPIStrictAcceptorCheck is no, but just a thought)

The same "key"? Not sure what you mean. They are completely separate
host principals but they are in the same keytab. This is how I've done it
for a true multi-homed host (i.e. separate IP addresses) and it works fine.