[27292] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Wrong principal in request using virt interface

daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Mon Jan 29 18:01:10 2007

Message-ID: <06b801c743f9$4cca9110$0100a8c0@CDCHOME>
From: "Christopher D. Clausen" <cclausen@acm.org>
To: <petesea@bigfoot.com>
Date: Mon, 29 Jan 2007 17:00:32 -0600
Cc: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

petesea@bigfoot.com wrote:
> On Mon, 29 Jan 2007, Christopher D. Clausen wrote:
>> petesea@bigfoot.com wrote:
>>
>>> I'm moving the server to a new cluster of RHE hosts that use virtual
>>> interfaces (eg. eth0:1) to allow for failover to a new host while
>>> still maintaining the original IP address.  On this new system I'm
>>> getting the following error when I run sshd in debug (-ddd) mode:
>>>
>>>   Wrong principal in request
>>>
>>> I have 2 IP addresses and 2 hostnames associated with the 2
>>> interfaces (one of them a virtual interface) on my workstation:
>>>
>>>   interface   hostname        ip
>>>   -----------------------------------------
>>>   eth0        gort.home.org   192.168.0.2
>>>   eth0:1      cvs.home.org    192.168.0.200
>>
>> Can you simply fail-over using the same IP on both interfaces?  (I
>> believe there is a bonding module in Linux that can do this.)
>
> The point of the virt interface is so it can be moved to a different
> host. If the virt interface has the same IP as the real interface,
> then it couldn't be moved to another host.  In other words, the
> "fail-over" is to fail over to a completely separate host, not a
> separate interface on the same host.

Sorry, I think I'm missing something...  These are NOT Kerberos KDCs are 
they?

You are trying to have a clustered service that uses Kerberos for SSH? 
And can essentially be treated a multi-homed system?

Do you have proper A and PTR records for both names?  What does your 
/etc/hosts file look like?  What does hostname -f return on your system?

<<CDC 


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post