>/usr/krb5/sbin/kprop: Server rejected authentication (during sendauth exchange) >while authenticating to server >/usr/krb5/sbin/kprop: Incorrect net address signalled from server >Error text from server: Incorrect net address
Hm. DNS really shouldn't affect things in this way (usually the problem lies with resolving hostnames for the service principal name). Based on these error messages, the server is rejecting the AP_REQ that the client sends to it, based on the IP address in it. The IP address(es) in the AP_REQ come from the IP addresses that the client detects that the host has (the client walks the interface list and for every interface it finds, it adds it to the AP_REQ). It seems to me that however you're doing multihoming, the Kerberos client code isn't detecting the additional interfaces correctly. Are these "real" additional interfaces, or are they aliases or virtual interfaces? If they're aliases, then I would guess that's the problem. That's probably a bug ... but if that's the problem, I'd ask why you're doing multihoming that way, because if they're on the same network, you won't gain any reliability (IMHO). --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
