
Re: 2 fqdn



Antoine,

have a look at bugzilla.mindrot.org
(http://bugzilla.mindrot.org/show_bug.cgi?id=928). I added a bug report with a
patch some time ago regarding this issue. Find attached a patch for 4.2p1.

Regards
Markus

On Fri Nov  4 17:06 , Antoine Jacoutot <ajacoutot@lphp.org> sent:

>Michael B Allen wrote:
>> Did you create both host/server.domain01.com@REALM.COM and
>> host/server.domain02.com@REALM.COM SPNs? Google for "multihomed kdc". No
>> doubt people have explored this issue before.
>
>Oh, yes of course I did... sorry I haven't been clear on that.
>And of course I extracted the 2 keys in the server keytab.
>
>> But I think a bigger problem with multihomed systems in general is
>> this will be the services that only accept principals with a hostname
>> matching that of the primary name of the local machine. Ideally all
>> services would support the concept of virtual hosting but I seriously
>> doubt they do consistently. Ssh might though, I don't know.
>
>All right, so this is where the problem lies I guess. OpenSSH does not 
>seem to play well with GSSAPI and virtual hosting.
>
>Thanks for your input.
>
>Antoine

openssh4.2p1multi.patch