gssapi auth, and multihomed multinamed hosts
Douglas E. Engert
deengert at anl.gov
Wed Jun 6 12:39:43 EDT 2007
Edward Irvine wrote:
> Hi Folks,
>
> I have a Solaris 10 server with two ip addresses: "fixed.example.com"
> and "float.example.com". The latter is an IP address that the server
> sometimes assumes as part of its role in a high-availability cluster.
>
> I have compiled my own openssh+gssapi version of sshd, and have got ssh
> single-sign-on working fine (both windows secureCRT, a patched version
> of Putty, and also the unix openssh clients) . So far so good.
Whose version of gssapi/Kerberos? Solaris? MIT? Heimdal?
Does the openssh pass a host name option to gss_acquire_cred?
If so it is forcing the principal name it is expecting.
>
> It is now time to get gssapi auth to working with the
> "float.example.com" address.
>
> Can I expect to just add the keytab for "float.example.com" into
> /etc/krb5.keytab and expect everything to be OK?
>
> Thanks
> Eddie
>
>
>
>
> ------------------------------------------------------------------------
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list