[28829] in Kerberos
Re: Kerberos 5 and DNS aliases
daemon@ATHENA.MIT.EDU (Victor Sudakov)
Sun Dec 2 02:00:15 2007
From: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Date: Sun, 2 Dec 2007 06:32:18 +0000 (UTC)
Message-ID: <fitjhi$pa1$1@relay.tomsk.ru>
X-Complaints-To: noc@sibptus.tomsk.ru
X-Comment-To: Danny Mayer <mayer@ntp.isc.org>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Danny Mayer wrote:
> >
> > If a server is known by several names in DNS, how can I make GSSAPI
> > authentication work with all those names?
> >
> What's the real question?
Here is the real question.
I have created a principal for each of the several names, and placed
these principals' keys into the destination server's keytab. However
when I try to ssh into this server, GSSAPI auth works only for one of
these names, actually the name which is equal to the server's `hostname`.
I can even choose which name will work, by changing the server's
`hostname`. But only one name at a time will work.
> This is about the PTR records?
I really do not know why the above setup does not work as I expect.
If the matter is really about PTR records, please elaborate. I have
never known that Kerberos uses PTR records in any way.
The system is FreeBSD 6.2 with stock Kerberos and ssh.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
