[27884] in Kerberos

Re: gssapi auth, and multihomed multinamed hosts

daemon@ATHENA.MIT.EDU (Michael B Allen)
Wed Jun 6 11:55:19 2007

Date: Wed, 6 Jun 2007 11:55:01 -0400
From: Michael B Allen <mba2000@ioplex.com>
To: kerberos@mit.edu
Message-Id: <20070606115501.beb54676.mba2000@ioplex.com>
In-Reply-To: <289E8CBB-BEE7-4F87-BDF9-69D80C519EF8@tpg.com.au>

On Wed, 6 Jun 2007 19:36:38 +1000
Edward Irvine <eirvine@tpg.com.au> wrote:

> Hi Folks,
> 
> I have a Solaris 10 server with two IP addresses: "fixed.example.com"
> and "float.example.com". The latter is an IP address that the server
> sometimes assumes as part of its role in a high-availability cluster.
> 
> I have compiled my own openssh+gssapi version of sshd, and have got
> ssh single-sign-on working fine (both Windows SecureCRT, a patched
> version of PuTTY, and also the Unix OpenSSH clients). So far so good.
> 
> It is now time to get gssapi auth working with the
> "float.example.com" address.
> 
> Can I expect to just add the keytab for "float.example.com" into
> /etc/krb5.keytab and expect everything to be OK?

Hi Edward,

I don't have first-hand knowledge of this particular scenario, but from
what I know about GSSAPI it should work fine. GSSAPI works by name, so
provided the key on the KDC associated with the service principal matches
the key in the keytab used by sshd, then it should work.

Mike

-- 
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
