I have my ipa 1.2.2 setup in an environment where my servers have two NICs each in a different VLAN.
With the multi NIC setup I have two different DNS names for a single host to control which interface is used when accessing the host, e.g. host.example.com and host.priv.example.com. The hostname of the server is set to host.example.com.

I first configured the ipa-client on the host with the host.example.com service principal and all is well; I can log in via ssh and authentication occurs via Kerberos. I then set up another service principal with the host.priv.example.com and downloaded the keytab to the target server. However, when I try to log in via ssh I am prompted for a password. Turning on verbose output for ssh and upping the syslog to debug, I came across this: Error code krb5 144, which I discovered means "wrong principal in request."

Is what I am trying to do, having more than one host/ssh service principal for a single host that is multihomed? If so, what is causing the error code 144 when I can see that in my local klist the ticket for the host.priv.example.com is present?

Thanks.

--
David
