Hi there, I've currently fighting issues with a couple of multi-homed hosts on my network here. I've read the FAQ on this subject, and I'm still not sure what to do.
http://www.faqs.org/faqs/kerberos-faq/general/section-47.html The problem stems from the fact that our the host in question resides on both an internal (10.0.0.0/8) and external network (general internet), and has two host names associated with it; 34.88.99.100 foogazzi.example.com 10.0.0.1 foogazzi.office.example.com The office.example.com domain is obviously not generally accessible to the outside world. The principle application here is SSH, which will account for about 99% of the Kerberos enabled traffic. SSH appears to have some very large issues with multiple interfaces and SSH. If I set the DNS and Reverse DNS to correctly return the above values and add both host/principles to the key as you would expect, and tell the server that it's hostname is foogazzi.example.com, I get some interesting results. Logging in from the outside works fine. Logging in from the internal LAN does the following; [EMAIL PROTECTED]:~$ ssh foogazzi.office.example.com Disconnecting: Protocol error: didn't expect packet type 34 Essentially, the server complains that the client has handed it the ticket for the wrong host, and has bailed out. The other option I've tried is to tell the RDNS for the internal IP to return the external name. Eg; 10.0.0.1 => foogazzi.example.com However, this gives me the following output; [EMAIL PROTECTED] ~ $ ssh foogazzi.office.example.com Address 10.0.0.1 maps to foogazzi.example.com but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT! Password: D'oh. Any suggestions? Regards Edward Murrell ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
