Wrong principal in request using virt interface
petesea@bigfoot.com
petesea at bigfoot.com
Mon Jan 29 17:37:19 EST 2007
On Mon, 29 Jan 2007, Christopher D. Clausen wrote:
> petesea at bigfoot.com wrote:
>
>> I'm moving the server to a new cluster of RHE hosts that use virtual
>> interfaces (eg. eth0:1) to allow for failover to a new host while still
>> maintaining the original IP address. On this new system I'm getting
>> the following error when I run sshd in debug (-ddd) mode:
>>
>> Wrong principal in request
>>
>> I have 2 IP addresses and 2 hostnames associated with the 2 interfaces
>> (one of them a virtual interface) on my workstation:
>>
>> interface hostname ip
>> -----------------------------------------
>> eth0 gort.home.org 192.168.0.2
>> eth0:1 cvs.home.org 192.168.0.200
>
> Can you simply fail-over using the same IP on both interfaces? (I
> believe there is a bonding module in Linux that can do this.)
The point of the virt interface is so it can be moved to a different host.
If the virt interface has the same IP as the real interface, then it
couldn't be moved to another host. In other words, the "fail-over" is to
fail over to a completely separate host, not a separate interface on the
same host.
> I don't think your setup will work b/c Kerberos relies upon proper DNS
> records for machines and having the machine change its hostname is bad.
But the hostname AND IP don't change... not even if the virt interface is
moved to a new host.
Or do you mean the hostname the host knows itself as vs the hostname
returned for a reverse DNS lookup of the IP associated with the virt
interface?
More information about the Kerberos
mailing list