[27289] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Wrong principal in request using virt interface

daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Mon Jan 29 14:58:03 2007

Message-ID: <048901c743df$bcfe9f40$0100a8c0@CDCHOME>
From: "Christopher D. Clausen" <cclausen@acm.org>
To: <petesea@bigfoot.com>, <kerberos@mit.edu>
Date: Mon, 29 Jan 2007 13:57:38 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

petesea@bigfoot.com wrote:
> I'm moving the server to a new cluster of RHE hosts that use virtual
> interfaces (eg. eth0:1) to allow for failover to a new host while
> still maintaining the original IP address.  On this new system I'm
> getting the following error when I run sshd in debug (-ddd) mode:
> 
>   Wrong principal in request
> 
> I have 2 IP addresses and 2 hostnames associated with the 2 interfaces
> (one of them a virtual interface) on my workstation:
> 
>   interface   hostname        ip
>   -----------------------------------------
>   eth0        gort.home.org   192.168.0.2
>   eth0:1      cvs.home.org    192.168.0.200

Can you simply fail-over using the same IP on both interfaces?  (I believe there is a bonding module in Linux that can do this.)

I don't think your setup will work b/c Kerberos relies upon proper DNS records for machines and having the machine change its hostname is bad.

<<CDC

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post