[2724] in Kerberos
Kerberos master on machines with multiple networks
daemon@ATHENA.MIT.EDU (Holtzman, Donn)
Fri Jun 4 23:22:32 1993
Date: Fri, 04 Jun 93 16:08:26 pst
From: "Holtzman, Donn" <harvard!scubed!frick.sandiego.ncr.com!Donn.Holtzman@eddie.mit.edu>
To: athena.mit.edu!kerberos@eddie.mit.edu
Hi,

I'm trying to set up a system where the Kerberos master server runs on
a machine with multiple network connections, lan-1 and lan-2. The
system will have multiple slave servers, some connected to lan-1 while
others access the master via lan-2. My /etc/hosts file on the master
machine has an entry for the machine name, uname, corresponding to its
lan-1 address. I'm running Kerberos 4.9 on SVR4 systems using WIN-TCP.
Hence we are running sockets on top of TLI.

I've had test programs fail in krb_rd_priv because the IP address in
the message (uname/lan-1) doesn't match the IP address of the actual
connection via lan-2. I'm concerned that utilities such as kprop will
fail for slaves running on lan-2 because the IP address in messages
sent by the master node will be its lan-1 address and the slave node
will obtain the lan-2 address for the connection.

What are the rules for deploying Kerberos V4 on systems with multiple
networks? Does the master server have to reside on a node with only a
single network access so that uname will reliably map to the machine's
IP address? What about slave nodes?

Any help will be greatly appreciated.

Thanks,
--
Donn Holtzman
NCR LCPD San Diego
Donn.Holtzman@SanDiegoCA.NCR.COM
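
The address mismatch described in this message can be reproduced with plain sockets. The following is an added example, not part of the original post and not Kerberos code: it compares the address a hosts-entry lookup would supply with the address the peer actually sees, and shows that getsockname() on the connected socket returns the latter. The loopback addresses and the function names `sender_addr_ok` and `probe` are assumptions made for the illustration.

```c
/* Added example. Constructed addresses: 127.0.0.1 = master "lan-1" (hosts entry),
 * 127.0.0.2 = master "lan-2", 127.0.0.3 = slave. Assumes Linux loopback (127/8). */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define SA(p) ((struct sockaddr *)(p))

/* Hypothetical stand-in for the receiver's comparison; not Kerberos library code. */
static int sender_addr_ok(struct in_addr in_msg, struct in_addr conn_peer) {
    return in_msg.s_addr == conn_peer.s_addr;
}

/* Connect from src_ip to a listener on dst_ip; report the peer address the listener
 * sees and the connecting side's getsockname() result. Returns 0 on success. */
static int probe(const char *src_ip, const char *dst_ip,
                 struct in_addr *seen_by_peer, struct in_addr *local) {
    struct sockaddr_in srv = {0}, cli = {0}, peer, me;
    socklen_t len = sizeof srv;
    int rc = -1, as = -1, ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    srv.sin_family = cli.sin_family = AF_INET;   /* port 0: kernel picks one */
    if (ls < 0 || cs < 0) goto out;
    if (inet_pton(AF_INET, dst_ip, &srv.sin_addr) != 1) goto out;
    if (inet_pton(AF_INET, src_ip, &cli.sin_addr) != 1) goto out;
    if (bind(ls, SA(&srv), sizeof srv) || listen(ls, 1)) goto out;
    if (getsockname(ls, SA(&srv), &len)) goto out;        /* learn the port */
    if (bind(cs, SA(&cli), sizeof cli) || connect(cs, SA(&srv), sizeof srv)) goto out;
    len = sizeof peer;
    if ((as = accept(ls, SA(&peer), &len)) < 0) goto out;
    len = sizeof me;
    if (getsockname(cs, SA(&me), &len)) goto out;
    *seen_by_peer = peer.sin_addr; *local = me.sin_addr; rc = 0;
out:
    if (as >= 0) close(as);
    if (cs >= 0) close(cs);
    if (ls >= 0) close(ls);
    return rc;
}

int main(void) {
    struct in_addr lan1, seen, local;
    inet_pton(AF_INET, "127.0.0.1", &lan1);      /* what the hosts entry yields */
    if (probe("127.0.0.2", "127.0.0.3", &seen, &local)) { perror("probe"); return 1; }
    printf("hosts-entry address matches peer view: %d\n", sender_addr_ok(lan1, seen));
    printf("getsockname address matches peer view: %d\n", sender_addr_ok(local, seen));
    return 0;
}
```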