An easy way around this problem is to ensure that your host/machine exists as that name in DNS. If it's a small network, that's usually not a problem.
So, in DNS, have machine as a PTR and machine.domain as the A record. Add *only* the host/machine@REALM to the kdc as a principal, then your kerberized SSHD that lives on the box will not be so unhappy.

There *is* an inconsistency though, if you try to ssh to machineX which is a /etc/hosts entry for machine, then it is possible you will be denied access because sshd does not know the machine you're trying to connect to, and Kerberos will get upset when passed that info and not allow you to log in.

On Wed, 2002-05-22 at 07:51, Marc wrote:
> Simon Wilkinson wrote:
>
> > Marc ([EMAIL PROTECTED]) wrote:
> > : Well that's strange because I have one:
> > : 1 host/hostname.domain.com@REALM
> >
> > Apologies for the stupid question - but this isn't literally
> > host/hostname.domain.com@REALM,
> >
> > but rather
> > host/mymachine.mydomain@MYREALM
> > (with mymachine, mydomain and MYREALM replaced with the correct values
> > for your site)
> >
> > I ask only because I've seen this happen before!
> >
> > Cheers,
> >
> > Simon.
> >
>
> Hehe, sorry I should have precised it better, no it is really correct I
> have : host/myhostname.mydomain@MYREALM
>
> Regards
>
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> http://mailman.mit.edu/mailman/listinfo/kerberos

--
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: [EMAIL PROTECTED]

"One ought never to turn one's back on a threatened danger and
try to run away from it. If you do that, you will double the danger.
But if you meet it promptly and without flinching, you will
reduce the danger by half."
Sir Winston Churchill
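Added example, not part of the original message or of any Kerberos project code: a consistency check for the DNS setup described above, which derives the `host/` principal from a forward and then a reverse lookup and reports whether it is registered. The simplified lookup model, the function names, the `EXAMPLE.TEST` realm and the lookup tables are assumptions constructed for illustration.

```python
import socket

def canonical_fqdn(name, forward=None, reverse=None):
    """Forward-resolve name, then reverse-resolve the address (simplified model)."""
    forward = forward or socket.gethostbyname
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    return reverse(forward(name)).rstrip(".").lower()

def check_host_principal(name, realm, kdc_principals, forward=None, reverse=None):
    """Report whether the host principal derived for name is in kdc_principals."""
    try:
        fqdn = canonical_fqdn(name, forward, reverse)
    except (OSError, KeyError) as exc:
        return {"name": name, "principal": None, "ok": False,
                "reason": f"lookup failed: {exc!r}"}
    principal = f"host/{fqdn}@{realm}"
    ok = principal in kdc_principals
    return {"name": name, "principal": principal, "ok": ok,
            "reason": "principal registered" if ok else "principal not in KDC"}

# Constructed sample data (assumptions, not values from the thread).
REALM = "EXAMPLE.TEST"
KDC = {"host/machine.example.test@EXAMPLE.TEST"}   # the only host principal added
DNS_A = {"machine": "192.0.2.10", "machine.example.test": "192.0.2.10"}
DNS_PTR = {"192.0.2.10": "machine.example.test."}  # PTR agrees with the A record
HOSTS_A = {"machinex": "192.0.2.10"}               # /etc/hosts alias on the client
HOSTS_PTR = {"192.0.2.10": "machineX"}             # hosts file answers the reverse lookup

def demo():
    """Run the check for the consistent name, the hosts-file alias, and an unknown name."""
    good = check_host_principal("machine", REALM, KDC,
                                DNS_A.__getitem__, DNS_PTR.__getitem__)
    alias = check_host_principal("machinex", REALM, KDC,
                                 HOSTS_A.__getitem__, HOSTS_PTR.__getitem__)
    missing = check_host_principal("unknown", REALM, KDC,
                                   DNS_A.__getitem__, DNS_PTR.__getitem__)
    return good, alias, missing

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Called without the `forward` and `reverse` arguments, the check uses the local resolver, so it reflects whatever `/etc/hosts` and DNS return on the machine where it runs.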
