[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2 fqdn

To: Michael B Allen <mba2000@ioplex.com>
Subject: Re: 2 fqdn
From: Antoine Jacoutot <ajacoutot@lphp.org>
Date: Fri, 04 Nov 2005 18:06:04 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <20051104114703.715e6551.mba2000@ioplex.com>
References: <436B5C3C.5000302@lphp.org> <20051104114703.715e6551.mba2000@ioplex.com>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051026)

Michael B Allen wrote:
> Did you create both host/server.domain01.com@REALM.COM and
> host/server.domain02.com@REALM.COM SPNs? Google for "multihomed kdc". No
> doubt people have explored this issue before.

Oh, yes of course I did... sorry I haven't been clear on that.
And of course I extrated the 2 keys in the server keytab.

> But I think a bigger problem with multihomed systems ingeneral is
> this will be the services that only accept principals with a hostname
> matching that of the primary name of the local machine. Ideally all
> services would support the concept of virtual hosting but I seriously
> doubt they do consistently. Ssh might though, I don't know.

Allright, so this is where the problem lies I guess. OpenSSH does not 
seem to play well with GSSAPI and virtual hosting.

Thanks for your input.

Antoine

Follow-Ups:
- Re: 2 fqdn
  - From: Craig Huckabee <huck@spawar.navy.mil>

References:
- 2 fqdn
  - From: Antoine Jacoutot <ajacoutot@lphp.org>
- Re: 2 fqdn
  - From: Michael B Allen <mba2000@ioplex.com>

Prev by Date: Re: 2 fqdn
Next by Date: Re: 2 fqdn
Prev by thread: Re: 2 fqdn
Next by thread: Re: 2 fqdn
Index(es):
- Date
- Thread