OpenSSH problem on Solaris 8
Jacques A. Vidrine
n at nectar.cc
Wed May 22 09:32:55 EDT 2002
On Wed, May 22, 2002 at 01:42:54PM +0200, Marc wrote:
> Well that's strange because I have one:
>
> bash-2.03# klist -k
> Keytab name: FILE:/etc/krb5/krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
> 1 host/hostname.domain.com at REALM
Is `hostname.domain.com' the same as the output of the hostname
command?
If I recall correctly, Simon's modifications indirectly use
gethostname() to determine the server principal name to use. This is
different than what most Kerberos network applications do (they
typically use getsockname()). It matters if your machine has multiple
interfaces, or if for any other reason your hostname is different than
the name you give the client.
i.e.
client% ssh foo
server% hostname
bar
foo and bar must match.
I sent Simon some patches some time ago to (a) allow one to specify
how to get the server name in the server (sshd) and (b) allow one to
specify a different name to use at the client (ssh) to handle such
cases, as well as tunneling and things of that nature where the
network name does not match the server name. I can dig them up if you
like.
Cheers,
--
Jacques A. Vidrine <n at nectar.cc> http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine at verio.net . nectar at FreeBSD.org . nectar at kth.se
More information about the Kerberos
mailing list