[27289] in Kerberos
Re: Wrong principal in request using virt interface
daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Mon Jan 29 14:58:03 2007
Message-ID: <048901c743df$bcfe9f40$0100a8c0@CDCHOME>
From: "Christopher D. Clausen" <cclausen@acm.org>
To: <petesea@bigfoot.com>, <kerberos@mit.edu>
Date: Mon, 29 Jan 2007 13:57:38 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
petesea@bigfoot.com wrote:
> I'm moving the server to a new cluster of RHE hosts that use virtual
> interfaces (eg. eth0:1) to allow for failover to a new host while
> still maintaining the original IP address. On this new system I'm
> getting the following error when I run sshd in debug (-ddd) mode:
>
> Wrong principal in request
>
> I have 2 IP addresses and 2 hostnames associated with the 2 interfaces
> (one of them a virtual interface) on my workstation:
>
> interface hostname ip
> -----------------------------------------
> eth0 gort.home.org 192.168.0.2
> eth0:1 cvs.home.org 192.168.0.200
Can you simply fail-over using the same IP on both interfaces? (I believe there is a bonding module in Linux that can do this.)
I don't think your setup will work b/c Kerberos relies upon proper DNS records for machines and having the machine change its hostname is bad.
<<CDC
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos