/etc/hosts and DNS

Luke clairst at uiuc.edu
Mon Feb 14 13:07:19 EST 2005


The situation in my network requires some of my machines to never have the
same address (traveling laptops, etc).  I'd like them to be able to still
access kerberized application servers.  Will simply requesting addressless
tickets solve this?  Or are DNS lookups (forward or reverse) still
necessary, even just for clients?

My other question is about kerberized servers -  my kdc has a PPPoE
connection, so the outward facing address is dynamic.  I can't change
reverse lookups, sadly, due to my ISP.  How can I use /etc/hosts to give a
correct resolution?  Can I use /etc/hosts in this situation, when my
external IP is dynamic?

Right now, I have

internal_ip myhost.com myhost

in /etc/hosts, but running sshd -d shows that when trying to connect from a
client with ssh -K myhost a host principal is not found, even though a host
principal for host/myhost.com exists in /etc/krb5.keytab, and shows up in a
list * in a kadmin prompt.  The client's ticket is addressless.

Thanks for the help...


Other info:
using heimdal kerberos
debian sarge
ssh-krb5
dyndns.org services

