On Wed, 27 Apr 2011, Brian Candler wrote:

> I suggest you try having only a single PTR record, to whatever is
> the "primary" hostname.
>
> However what you've done would be acceptable if the machine was
> multi-homed (with two different IP addresses):

Yes... both are possible options. Unfortunately I don't control the DNS and I'm told the DNS is "correct". I'm trying to convince those that control the DNS something needs to change, but that's really just a work-around. It's not addressing my real question... I'm trying to understand WHY this doesn't work given the current situation, i.e., 2 hostnames and 1 IP address. If it works from an OS X client, why doesn't it work from a Linux client?

> > There are "host" principals for both hostnames in /etc/krb5.keytab
>
> Do they have the same key? (Again, it shouldn't matter when
> GSSAPIStrictAcceptorCheck is no, but just a thought)

The same "key"? Not sure what you mean. They are completely separate host principals but they are in the same keytab. This is how I've done it for a true multi-homed host (i.e., separate IP addresses) and it works fine.
