On Tue, Apr 26, 2011 at 12:41:31PM -0700, [email protected] wrote: > $ host external.example.com > external.example.com has address 1.2.3.4 > > $ host internal.example.com > internal.example.com has address 1.2.3.4 > > $ host 1.2.3.4 > 4.3.2.1.in-addr.arpa domain name pointer external.example.com. > 4.3.2.1.in-addr.arpa domain name pointer internal.example.com.
I suggest you try having only have a single PTR record, to whatever is the "primary" hostname. However what you've done would be acceptable if the machine was multi-homed (with two different IP addresses): http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#kerbdns So I can't say for sure why it shouldn't work as you have it. > There are "host" principals for both hostnames in /etc/krb5.keytab Do they have the same key? (Again, it shouldn't matter when GSSAPIStrictAcceptorCheck is no, but just a thought) ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
