[33349] in Kerberos
Re: Multiple hostnames with same IP address (DNS A record)
daemon@ATHENA.MIT.EDU (Dan Peterson)
Wed Apr 27 15:57:03 2011
Date: Wed, 27 Apr 2011 11:29:29 -0700 (PDT)
From: Dan Peterson <dbpete@frontier.com>
To: kerberos@mit.edu
In-Reply-To: <20110427180238.GA8524@talktalkplc.com>
Message-ID: <alpine.OSX.2.00.1104271116550.782@nikto-air>
On Wed, 27 Apr 2011, Brian Candler wrote:

> I suggest you try having only a single PTR record, to whatever is
> the "primary" hostname.
>
> However what you've done would be acceptable if the machine was multi-homed
> (with two different IP addresses):

Yes... both are possible options. Unfortunately I don't control the DNS
and I'm told the DNS is "correct". I'm trying to convince those that
control the DNS something needs to change, but that's really just a
work-around. It's not addressing my real question...

I'm trying to understand WHY this doesn't work given the current
situation, i.e., 2 hostnames and 1 IP address.

If it works from an OS X client, why doesn't it work from a Linux client?

>> There are "host" principals for both hostnames in /etc/krb5.keytab
>
> Do they have the same key? (Again, it shouldn't matter when
> GSSAPIStrictAcceptorCheck is no, but just a thought)

The same "key"? Not sure what you mean. They are completely separate
host principals but they are in the same keytab. This is how I've done it
for a true multi-homed host (i.e., separate IP addresses) and it works fine.