[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2 fqdn

To: Antoine Jacoutot <ajacoutot@lphp.org>
Subject: Re: 2 fqdn
From: Michael B Allen <mba2000@ioplex.com>
Date: Fri, 4 Nov 2005 11:47:03 -0500
Cc: heimdal-discuss@sics.se
In-Reply-To: <436B5C3C.5000302@lphp.org>
References: <436B5C3C.5000302@lphp.org>
Sender: owner-heimdal-discuss@sics.se

On Fri, 04 Nov 2005 14:03:56 +0100
Antoine Jacoutot <ajacoutot@lphp.org> wrote:

> Hello...
> 
> I have a stupid question, really.
> I have an OpenSSH server that has 2 interfaces. I authenticate to it 
> with GSSAPI. This server runs an Heimdal KDC.
> All is working fine except one little annoyance: on the DNS, this server
> has 2 different fqdn that correspond to it's different interfaces.
> ie: 192.168.1.1 --> server.domain01.com
>      192.168.2.1 --> server.domain02.com
> 
<snip>
> So, does anyone know if there's a way to use both hostnames and making
> GSSAPI works ?

Did you create both host/server.domain01.com@REALM.COM and
host/server.domain02.com@REALM.COM SPNs? Google for "multihomed kdc". No
doubt people have explored this issue before.

But I think a bigger problem with multihomed systems ingeneral is
this will be the services that only accept principals with a hostname
matching that of the primary name of the local machine. Ideally all
services would support the concept of virtual hosting but I seriously
doubt they do consistently. Ssh might though, I don't know.

Mike

Follow-Ups:
- Re: 2 fqdn
  - From: Antoine Jacoutot <ajacoutot@lphp.org>

References:
- 2 fqdn
  - From: Antoine Jacoutot <ajacoutot@lphp.org>

Prev by Date: 2 fqdn
Next by Date: Re: 2 fqdn
Prev by thread: 2 fqdn
Next by thread: Re: 2 fqdn
Index(es):
- Date
- Thread