Multiple hostnames with same IP address (DNS A record)

Brian Candler B.Candler at pobox.com
Wed Apr 27 14:02:38 EDT 2011


On Tue, Apr 26, 2011 at 12:41:31PM -0700, petesea at bigfoot.com wrote:
>   $ host external.example.com
>   external.example.com has address 1.2.3.4
> 
>   $ host internal.example.com
>   internal.example.com has address 1.2.3.4
> 
>   $ host 1.2.3.4
>   4.3.2.1.in-addr.arpa domain name pointer external.example.com.
>   4.3.2.1.in-addr.arpa domain name pointer internal.example.com.

I suggest you try having only a single PTR record, to whatever is the
"primary" hostname.

However what you've done would be acceptable if the machine was multi-homed
(with two different IP addresses):
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#kerbdns

So I can't say for sure why it shouldn't work as you have it.

> There are "host" principals for both hostnames in /etc/krb5.keytab

Do they have the same key? (Again, it shouldn't matter when
GSSAPIStrictAcceptorCheck is no, but just a thought)



