[27292] in Kerberos
Re: Wrong principal in request using virt interface
daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Mon Jan 29 18:01:10 2007
Message-ID: <06b801c743f9$4cca9110$0100a8c0@CDCHOME>
From: "Christopher D. Clausen" <cclausen@acm.org>
To: <petesea@bigfoot.com>
Date: Mon, 29 Jan 2007 17:00:32 -0600
Cc: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
petesea@bigfoot.com wrote:
> On Mon, 29 Jan 2007, Christopher D. Clausen wrote:
>> petesea@bigfoot.com wrote:
>>
>>> I'm moving the server to a new cluster of RHE hosts that use virtual
>>> interfaces (eg. eth0:1) to allow for failover to a new host while
>>> still maintaining the original IP address. On this new system I'm
>>> getting the following error when I run sshd in debug (-ddd) mode:
>>>
>>> Wrong principal in request
>>>
>>> I have 2 IP addresses and 2 hostnames associated with the 2
>>> interfaces (one of them a virtual interface) on my workstation:
>>>
>>> interface hostname ip
>>> -----------------------------------------
>>> eth0 gort.home.org 192.168.0.2
>>> eth0:1 cvs.home.org 192.168.0.200
>>
>> Can you simply fail-over using the same IP on both interfaces? (I
>> believe there is a bonding module in Linux that can do this.)
>
> The point of the virt interface is so it can be moved to a different
> host. If the virt interface has the same IP as the real interface,
> then it couldn't be moved to another host. In other words, the
> "fail-over" is to fail over to a completely separate host, not a
> separate interface on the same host.
Sorry, I think I'm missing something... These are NOT Kerberos KDCs are
they?
You are trying to have a clustered service that uses Kerberos for SSH?
And can essentially be treated a multi-homed system?
Do you have proper A and PTR records for both names? What does your
/etc/hosts file look like? What does hostname -f return on your system?
<<CDC
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos