[27887] in Kerberos
Re: gssapi auth, and multihomed multinamed hosts
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Wed Jun 6 12:40:00 2007
Message-ID: <4666E34F.6090504@anl.gov>
Date: Wed, 06 Jun 2007 11:39:43 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: Edward Irvine <eirvine@tpg.com.au>
In-Reply-To: <289E8CBB-BEE7-4F87-BDF9-69D80C519EF8@tpg.com.au>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Edward Irvine wrote:
> Hi Folks,
>
> I have a Solaris 10 server with two ip addresses: "fixed.example.com"
> and "float.example.com". The latter is an IP address that the server
> sometimes assumes as part of its role in a high-availability cluster.
>
> I have compiled my own openssh+gssapi version of sshd, and have got ssh
> single-sign-on working fine (both windows secureCRT, a patched version
> of Putty, and also the unix openssh clients) . So far so good.
Whose version of gssapi/Kerberos? Solaris? MIT? Heimdal?
Does the openssh pass a host name option to gss_acquire_cred?
If so it is forcing the principal name it is expecting.
>
> It is now time to get gssapi auth to working with the
> "float.example.com" address.
>
> Can I expect to just add the keytab for "float.example.com" into
> /etc/krb5.keytab and expect everything to be OK?
>
> Thanks
> Eddie
>
>
>
>
> ------------------------------------------------------------------------
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
