[27290] in Kerberos
Re: Wrong principal in request using virt interface
daemon@ATHENA.MIT.EDU (petesea@bigfoot.com)
Mon Jan 29 17:40:02 2007
Date: Mon, 29 Jan 2007 14:37:19 -0800 (Pacific Standard Time)
From: petesea@bigfoot.com
In-reply-to: <048901c743df$bcfe9f40$0100a8c0@CDCHOME>
To: "Christopher D. Clausen" <cclausen@acm.org>
Message-id: <Pine.WNT.4.64.0701291429030.3176@oberon.home.org>
MIME-version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Mon, 29 Jan 2007, Christopher D. Clausen wrote:
> petesea@bigfoot.com wrote:
>
>> I'm moving the server to a new cluster of RHE hosts that use virtual
>> interfaces (eg. eth0:1) to allow for failover to a new host while still
>> maintaining the original IP address. On this new system I'm getting
>> the following error when I run sshd in debug (-ddd) mode:
>>
>> Wrong principal in request
>>
>> I have 2 IP addresses and 2 hostnames associated with the 2 interfaces
>> (one of them a virtual interface) on my workstation:
>>
>> interface hostname ip
>> -----------------------------------------
>> eth0 gort.home.org 192.168.0.2
>> eth0:1 cvs.home.org 192.168.0.200
>
> Can you simply fail-over using the same IP on both interfaces? (I
> believe there is a bonding module in Linux that can do this.)
The point of the virt interface is so it can be moved to a different host.
If the virt interface has the same IP as the real interface, then it
couldn't be moved to another host. In other words, the "fail-over" is to
fail over to a completely separate host, not a separate interface on the
same host.
> I don't think your setup will work b/c Kerberos relies upon proper DNS
> records for machines and having the machine change its hostname is bad.
But the hostname AND IP don't change... not even if the virt interface is
moved to a new host.
Or do you mean the hostname the host knows itself as vs the hostname
returned for a reverse DNS lookup of the IP associated with the virt
interface?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos