Hello all,

allow me to contact the enterprise list (Cc: debian-edu), because there are probably some experts around here that can help with the following issue:

When working on the integration of Kerberos for debian-edu, I encountered the following problem:

My DNS provides several A-records for the IP-address of my KDC (which provides some more services), i.e. the host command returns:

r...@tjener:~# host 10.0.2.2
2.2.0.10.in-addr.arpa domain name pointer tjener.intern.
2.2.0.10.in-addr.arpa domain name pointer kerberos.intern.
2.2.0.10.in-addr.arpa domain name pointer ldap.intern.
2.2.0.10.in-addr.arpa domain name pointer domain.intern.
2.2.0.10.in-addr.arpa domain name pointer postoffice.intern.
2.2.0.10.in-addr.arpa domain name pointer syslog.intern.

There are host and service tickets for tjener.intern only. If I try to fetch a service ticket now, in 5 of 6 cases I get an error in the logs because a principal like nfs/syslog.int...@intern is missing. Only if the KDC is asked (by chance (?)) for nfs/tjener.int...@intern, things work as they should.

(Some more detail here: <URL:http://lists.debian.org/debian-edu/2011/01/msg00041.html>)

My questions are now:

Can I use several A-records in combination with Kerberos and if yes, how?

Is there a common way of setting up the (Kerberos-) system with regard to the DNS, i.e. are there some "best practices" or recommendations?

Many thanks in advance,

Andi
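A diagnostic sketch for the situation described in the message above, added here as an example and not part of the original post: it parses the quoted reverse-lookup output and lists which service principals a client could end up requesting but the KDC does not have. The function names, the realm spelling INTERN and the set of existing principals are assumptions made for illustration.

```python
import re

# Constructed sample: the reverse-lookup answer quoted in the message.
HOST_OUTPUT = """\
2.2.0.10.in-addr.arpa domain name pointer tjener.intern.
2.2.0.10.in-addr.arpa domain name pointer kerberos.intern.
2.2.0.10.in-addr.arpa domain name pointer ldap.intern.
2.2.0.10.in-addr.arpa domain name pointer domain.intern.
2.2.0.10.in-addr.arpa domain name pointer postoffice.intern.
2.2.0.10.in-addr.arpa domain name pointer syslog.intern.
"""

PTR_LINE = re.compile(r"^\S+\.in-addr\.arpa domain name pointer (\S+?)\.?$")


def ptr_names(host_output):
    """Return the names from `host <ip>` output, trailing dot stripped."""
    names = []
    for line in host_output.splitlines():
        match = PTR_LINE.match(line.strip())
        if match:
            names.append(match.group(1).lower())
    return names


def audit(host_output, service, realm, existing):
    """List the principals a client could ask for and those the KDC lacks."""
    candidates = [f"{service}/{name}@{realm}" for name in ptr_names(host_output)]
    missing = [p for p in candidates if p not in existing]
    return candidates, missing


if __name__ == "__main__":
    # Assumption: realm spelled INTERN; only the tjener.intern principal exists.
    have = {"nfs/tjener.intern@INTERN"}
    candidates, missing = audit(HOST_OUTPUT, "nfs", "INTERN", have)
    print(f"{len(missing)} of {len(candidates)} possible names have no principal:")
    for p in missing:
        print("  " + p)
```

Run against the sample, it reports 5 of 6 names without a principal, matching the failure rate described in the message.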

