/etc/hosts and DNS
clairst at uiuc.edu
Mon Feb 14 13:07:19 EST 2005
The situation in my network requires some of my machines to never have the
same address (traveling laptops, etc). I'd like them to be able to still
access kerberized application servers. Will simply requesting addressless
tickets solve this? Or are DNS lookups (forward or reverse) still
necessary, even just for clients?
My other question is about kerberized servers - my kdc has a PPPoE
connection, so the outward facing address is dynamic. I can't change
reverse lookups, sadly, due to my ISP. How can I use /etc/hosts to give a
correct resolution? Can I use /etc/hosts in this situation, when my
external IP is dynamic?
Right now, I have
internal_ip myhost.com myhost
in /etc/hosts, but running sshd -d shows that when trying to connect from a
client with ssh -K myhost, a host principal is not found, even though a host
principal for host/myhost.com exists in /etc/krb5.keytab, and shows up in a
list * in a kadmin prompt. The client's ticket is addressless.
Thanks for the help...
using Heimdal Kerberos