[27295] in Kerberos


Re: Wrong principal in request using virt interface

daemon@ATHENA.MIT.EDU (Edward Murrell)
Mon Jan 29 20:13:51 2007

Message-ID: <45BE9BC5.9090004@dlconsulting.com>
Date: Tue, 30 Jan 2007 14:13:41 +1300
From: Edward Murrell <edward@dlconsulting.com>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <Pine.WNT.4.64.0701291638360.3176@oberon.home.org>
X-SA-Exim-Mail-From: edward@dlconsulting.com
Reply-To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

petesea@bigfoot.com wrote:
>
> Sorry, I guess I wasn't very clear.  The servers aren't KDCs, they are 
> CVS/Subversion servers accessed via OpenSSH using GSSAPI Authentication 
> and GSSAPI Key Exchange.
>
> In the very simplest case we would have 2 hosts -- one for CVS and one 
> for Subversion.  If one of the hosts fails, the service running on that 
> host (eg CVS) can be moved to the other host simply by remounting the 
> filesystem and moving the virtual interface.  From the client's perspective 
> all they will (hopefully) notice is a slight delay, after which the same 
> data will be available via the same hostname and IP address.
Wouldn't it be easier to have both on the same host, and then use
different CNAMEs in the DNS?
E.g., if the machine is called gort.home.org, then have:

cvs.home.org -> gort.home.org (CNAME record)
svn.home.org -> gort.home.org (CNAME record)

gort.home.org -> 192.186.0.2 (A record)
192.168.0.2     -> gort.home.org (RDNS PTR record)

That way you could have all your aliases, and be able to change the machines easily and not have to deal with multiple IPs.


~Edward

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
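
An added example, not part of the original message or of any Kerberos implementation: a simplified model of how a client derives the service principal from a hostname (follow CNAMEs to the A record, then optionally take the reverse-DNS name), run over a constructed zone modelled on the records in the message. The realm EXAMPLE.REALM, the host node2.home.org, and the function names are assumptions made for illustration.

```python
# Constructed zone data modelled on the records in the message above.
CNAME = {"cvs.home.org": "gort.home.org", "svn.home.org": "gort.home.org"}
A = {"gort.home.org": "192.168.0.2"}
PTR = {"192.168.0.2": "gort.home.org"}

REALM = "EXAMPLE.REALM"  # hypothetical realm; the thread does not name one


def canonicalize(name, cname=CNAME, a=A, ptr=PTR, rdns=True):
    """Simplified model of client-side hostname canonicalization:
    follow CNAMEs to the A record, then (if rdns) take the PTR name."""
    seen = set()
    name = name.lower().rstrip(".")
    while name in cname:
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        name = cname[name].lower().rstrip(".")
    addr = a.get(name)
    if addr is None:
        raise LookupError("no A record for " + name)
    if rdns and addr in ptr:  # no PTR: keep the forward name (assumption)
        name = ptr[addr].lower().rstrip(".")
    return name, addr


def service_principal(host, service="host", **zone):
    """Principal a client would request a ticket for when connecting to host."""
    fqdn, _ = canonicalize(host, **zone)
    return f"{service}/{fqdn}@{REALM}"


def audit(names, keytab, **zone):
    """Return {name: principal} for every name whose derived principal
    has no key in the server's keytab (the 'wrong principal' case)."""
    missing = {}
    for n in names:
        p = service_principal(n, **zone)
        if p not in keytab:
            missing[n] = p
    return missing


if __name__ == "__main__":
    keytab = {"host/gort.home.org@EXAMPLE.REALM"}  # constructed keytab contents
    print(audit(["cvs.home.org", "svn.home.org"], keytab))  # both aliases covered
    # Constructed failure: the PTR names a different host than the A record owner.
    print(audit(["cvs.home.org"], keytab, ptr={"192.168.0.2": "node2.home.org"}))
```

With consistent forward and reverse records, both aliases resolve to the one principal the server holds a key for; a PTR that names another host changes the requested principal unless reverse lookups are disabled on the client.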
