OpenSSH problem on Solaris 8

Austin Gonyou austin at coremetrics.com
Wed May 22 12:35:13 EDT 2002


An easy way around this problem is to ensure that your host/machine
exists as that name in DNS. If it's a small network, that's usually not
a problem.

So, in DNS, have machine as a PTR and machine.domain as the A record.
Add *only* the host/machine at REALM to the KDC as a principal; then your
kerberized SSHD that lives on the box will not be so unhappy.

There *is* an inconsistency, though: if you try to ssh to machineX, which
is an /etc/hosts entry for machine, then it is possible you will be
denied access because sshd does not know the machine you're trying to
connect to, and Kerberos will get upset when passed that info and not
allow you to log in.



On Wed, 2002-05-22 at 07:51, Marc wrote:
> Simon Wilkinson wrote:
> 
> > Marc (syn_uw at NOSPAM_hotmail.com) wrote:
> > : Well that's strange because I have one:
> > :     1 host/hostname.domain.com at REALM
> > 
> > Apologies for the stupid question - but this isn't literally
> > host/hostname.domain.com at REALM,
> > 
> > but rather
> > host/mymachine.mydomain at MYREALM
> > (with mymachine, mydomain and MYREALM replaced with the correct values
> > for your site)
> > 
> > I ask only because I've seen this happen before!
> > 
> > Cheers,
> > 
> > Simon.
> > 
> 
> Hehe, sorry, I should have been more precise; no, it is really correct, I
> have: host/myhostname.mydomain at MYREALM
> 
> Regards
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
-- 
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com

"One ought never to turn one's back on a threatened danger and 
try to run away from it. If you do that, you will double the danger. 
But if you meet it promptly and without flinching, you will 
reduce the danger by half."
Sir Winston Churchill
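
A diagnostic for the DNS and principal consistency described in the message above, added here as an example; it is not part of the original post, OpenSSH or any Kerberos distribution. It assumes the host principal is derived from a forward lookup of the name given to ssh followed by a reverse lookup of the address; the function names, example.com, 192.0.2.10 and EXAMPLE.COM are placeholders.

```python
import socket

def system_resolvers():
    """Forward and reverse lookups through the OS resolver (DNS, /etc/hosts)."""
    return socket.gethostbyname, lambda addr: socket.gethostbyaddr(addr)[0]

def table_resolvers(a_records, ptr_records):
    """Same interface backed by dicts, so the check can run offline."""
    def lookup(table):
        def resolve(key):
            if key not in table:
                raise OSError(f"no record for {key}")
            return table[key]
        return resolve
    return lookup(a_records), lookup(ptr_records)

def check_host_principal(name, realm, kdc_principals, resolvers=None):
    """Return (principal, problems) for the name a user passes to ssh."""
    forward, reverse = resolvers or system_resolvers()
    try:
        addr = forward(name)
        canon = reverse(addr).rstrip(".").lower()
    except OSError as exc:
        return None, [f"lookup failed for {name}: {exc}"]
    problems = []
    if "." not in canon:
        problems.append(f"reverse lookup of {addr} gives short name {canon!r}")
    try:
        if forward(canon) != addr:
            problems.append(f"{canon} does not resolve back to {addr}")
    except OSError:
        problems.append(f"{canon} has no forward record")
    principal = f"host/{canon}@{realm}"
    if principal not in kdc_principals:
        problems.append(f"{principal} is not registered in the KDC")
    return principal, problems

# Constructed sample data: one consistent DNS zone, and one hosts-file alias
# ("192.0.2.10 machinex") that answers both directions with the short name.
DNS = table_resolvers({"machine.example.com": "192.0.2.10"},
                      {"192.0.2.10": "machine.example.com"})
HOSTS = table_resolvers({"machinex": "192.0.2.10"}, {"192.0.2.10": "machinex"})
KDC = {"host/machine.example.com@EXAMPLE.COM"}

if __name__ == "__main__":
    for name, res in (("machine.example.com", DNS), ("machinex", HOSTS)):
        print(name, check_host_principal(name, "EXAMPLE.COM", KDC, res))
```

Called without the `resolvers` argument, the check uses the system resolver of the host it runs on, so running it on both the client and the sshd box shows whether they agree on the name.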