I've got a kerberized service that worked fine before I started trying to use it through a load balancer. (I'm saying that for background, not because I didn't think it should matter.)
So the current situation is that I've changed /etc/hosts and /etc/ nodename to contain the FQDN of the balancer. The server *thinks* its name is the balancer's name. A connection to the balancer does get to the real server. The server's keytab has entries for both its real name and the balancer's name. Doesn't work. (Interestingly a direct connection that bypasses the balancer still works; I wouldn't have expected that.) So how do I go about debugging something like this? My next step would be to snoop the connection and feed it to ethereal, probably with lots of keys available so it can decode everything. Is there anything better to try? Is there any way to get the kerberos libs to say what (if anything) they are trying to get out of the keytab? If it matters, the service is Sun LDAP 5.2 on Solaris 9. ------------------------------------------------------------------------ ---- The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. [EMAIL PROTECTED], or [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos