Wrong principal in request using virt interface

petesea@bigfoot.com petesea at bigfoot.com
Mon Jan 29 17:37:19 EST 2007


On Mon, 29 Jan 2007, Christopher D. Clausen wrote:

> petesea at bigfoot.com wrote:
>
>> I'm moving the server to a new cluster of RHE hosts that use virtual 
>> interfaces (eg. eth0:1) to allow for failover to a new host while still 
>> maintaining the original IP address.  On this new system I'm getting 
>> the following error when I run sshd in debug (-ddd) mode:
>>
>>   Wrong principal in request
>>
>> I have 2 IP addresses and 2 hostnames associated with the 2 interfaces 
>> (one of them a virtual interface) on my workstation:
>>
>>   interface   hostname        ip
>>   -----------------------------------------
>>   eth0        gort.home.org   192.168.0.2
>>   eth0:1      cvs.home.org    192.168.0.200
>
> Can you simply fail-over using the same IP on both interfaces?  (I 
> believe there is a bonding module in Linux that can do this.)

The point of the virt interface is so it can be moved to a different host. 
If the virt interface has the same IP as the real interface, then it 
couldn't be moved to another host.  In other words, the "fail-over" is to 
fail over to a completely separate host, not a separate interface on the 
same host.

> I don't think your setup will work b/c Kerberos relies upon proper DNS 
> records for machines and having the machine change its hostname is bad.

But the hostname AND IP don't change... not even if the virt interface is 
moved to a new host.

Or do you mean the hostname the host knows itself as vs the hostname 
returned for a reverse DNS lookup of the IP associated with the virt 
interface?



More information about the Kerberos mailing list