openssh addressless ticket question
Kevin Hill
kevinh at fnal.gov
Mon Feb 7 11:21:08 EST 2005

Hi,

This is a multiple possible mailing list question, but I thought I'd try
here first...

We are using an older version of openssh with Simon Wilkinson's gssapi
patch, and a locally maintained version of mit kerberos. We have some
linux systems behind a load balancer, which are having problems getting
afs tickets.

The systems behind the load balancer are configured with the external ip
address client machines think they are connected to bound to a loopback
device. They have a host principal for this name installed. Clients can
authenticate correctly, but if they log in with an addressless ticket
they are ending up with a tgt with the ip they connected to in their
cache, which seems to be preventing getting an afs token. When
connecting with telnet they are getting an addressless tgt and can
successfully get an afs token.

Anyone seen this situation come up before or have any suggestions?

thanks,
-kevin