On 10/03/21 18:37, Grant Taylor wrote:
> ACK
> 
> By default, Kerberos includes IP restrictions in tickets.  It chooses
> the IP based on what the system returns.  So if the system returns
> 127.0.0.1 (or ::1) for the hostname, any tickets that use that IP will
> be non-viable / useless anywhere but localhost.

Could it be (I don't use Kerberos) this tricks Kerberos into associating
127.0.0.1 with your FQDN, so it works for the first person to request
it, and then breaks for everyone else?

Also, bear in mind I think in certain setups /etc/hosts is redundant.
Don't you specify somewhere a list of services to use to look up
computer names, and if /etc/hosts is missing/disabled in that list, it
gets ignored?

Cheers,
Wol
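
An added example, not part of the original message: a small check for the two conditions raised in this thread, namely whether /etc/hosts is consulted at all (the "files" source on the hosts: line of /etc/nsswitch.conf, the glibc Name Service Switch) and whether it maps the machine's FQDN to a loopback address. The sample file contents, host names and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from any real system).
SAMPLE_NSSWITCH = "passwd: files\nhosts:  files [NOTFOUND=continue] dns  # constructed\n"
SAMPLE_NSSWITCH_DNS_ONLY = "hosts: dns\n"
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.1.1   host1.example.org host1   # constructed FQDN on a loopback address
::1         ip6-localhost
192.0.2.10  host2.example.org host2
"""

def hosts_sources(nsswitch_text):
    """Return the lookup sources named on the 'hosts:' line, in order."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Strip action items such as [NOTFOUND=return] before splitting.
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    # No hosts: line. The libc default applies; this sketch does not model it.
    return []

def loopback_names(hosts_text):
    """Return every name that a hosts file maps to 127.0.0.0/8 or ::1."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a parseable address; skip the line
        if addr.is_loopback:
            names.update(n.lower() for n in fields[1:])
    return names

def loopback_risk(fqdn, nsswitch_text, hosts_text):
    """True when 'files' is a listed source and the hosts file maps fqdn
    to loopback. Source order also matters: an earlier source that answers
    first wins, which this presence check does not model."""
    return ("files" in hosts_sources(nsswitch_text)
            and fqdn.lower() in loopback_names(hosts_text))

if __name__ == "__main__":
    for name in ("host1.example.org", "host2.example.org"):
        print(name, loopback_risk(name, SAMPLE_NSSWITCH, SAMPLE_HOSTS))
```

To run it against a live system, pass the contents of /etc/nsswitch.conf and /etc/hosts together with the host's FQDN instead of the constructed samples.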
