I have my ipa 1.2.2 setup in an environment where my servers have two
NICs each in a different VLAN.

With the multi NIC setup I have two different DNS names for a single
host to control which interface is is used when accessing the host e.g.
host.example.com and host.priv.example.com.  The hostname of the server
is set to host.example.com.

I first configured the ipa-client on the host with the host.example.com
service principle and all is well; I can login via ssh and
authentication occurs via kerberos.  I then setup another service
principle with the host.priv.example.com and downloaded the keytab to
the target server.  However when I try to login via ssh I am prompted
for a password.

Turning on verbose output for ssh and upping the syslog to debug, I came
across this: Error code krb5 144 which I discovered means "wrong
principal in request."

Is what I am trying to do, having more then one host/ssh service
principle for a single host that is multihomed?

If so what is causing the error code 144 when I can see that in my local
klist the ticket for the host.priv.example.com is present?



Freeipa-users mailing list

Reply via email to