[27290] in Kerberos

Re: Wrong principal in request using virt interface

daemon@ATHENA.MIT.EDU (petesea@bigfoot.com)
Mon Jan 29 17:40:02 2007

Date: Mon, 29 Jan 2007 14:37:19 -0800 (Pacific Standard Time)
From: petesea@bigfoot.com
In-reply-to: <048901c743df$bcfe9f40$0100a8c0@CDCHOME>
To: "Christopher D. Clausen" <cclausen@acm.org>
Message-id: <Pine.WNT.4.64.0701291429030.3176@oberon.home.org>
MIME-version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Mon, 29 Jan 2007, Christopher D. Clausen wrote:

> petesea@bigfoot.com wrote:
>
>> I'm moving the server to a new cluster of RHE hosts that use virtual 
>> interfaces (e.g. eth0:1) to allow for failover to a new host while still 
>> maintaining the original IP address.  On this new system I'm getting 
>> the following error when I run sshd in debug (-ddd) mode:
>>
>>   Wrong principal in request
>>
>> I have 2 IP addresses and 2 hostnames associated with the 2 interfaces 
>> (one of them a virtual interface) on my workstation:
>>
>>   interface   hostname        ip
>>   -----------------------------------------
>>   eth0        gort.home.org   192.168.0.2
>>   eth0:1      cvs.home.org    192.168.0.200
>
> Can you simply fail-over using the same IP on both interfaces?  (I 
> believe there is a bonding module in Linux that can do this.)

The point of the virt interface is so it can be moved to a different host. 
If the virt interface has the same IP as the real interface, then it 
couldn't be moved to another host.  In other words, the "fail-over" is to 
fail over to a completely separate host, not a separate interface on the 
same host.

> I don't think your setup will work b/c Kerberos relies upon proper DNS 
> records for machines and having the machine change its hostname is bad.

But the hostname AND IP don't change... not even if the virt interface is 
moved to a new host.

Or do you mean the hostname the host knows itself as vs the hostname 
returned for a reverse DNS lookup of the IP associated with the virt 
interface?
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
