From owner-freebsd-security Tue Jul 7 12:22:47 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA19694 for freebsd-security-outgoing; Tue, 7 Jul 1998 12:22:47 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from blubb.pdc.kth.se (blubb.pdc.kth.se [193.10.159.47]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id MAA19678 for ; Tue, 7 Jul 1998 12:22:42 -0700 (PDT) (envelope-from joda@pdc.kth.se) Received: from joda by blubb.pdc.kth.se with local (Exim 1.71 #3) id 0ytdJa-00030z-00; Tue, 7 Jul 1998 21:22:10 +0200 To: dima@best.net Cc: ludwigp@bigfoot.com (Ludwig Pummer), security@FreeBSD.ORG Subject: Re: kerberos su problems betw 2 machines References: <199807071910.MAA04769@burka.rdy.com> X-Emacs: 19.34 Mime-Version: 1.0 (generated by SEMI MIME-Edit 0.77) Content-Type: text/plain; charset=US-ASCII From: joda@pdc.kth.se (Johan Danielsson) Date: 07 Jul 1998 21:22:10 +0200 In-Reply-To: dima@best.net's message of "Tue, 7 Jul 1998 12:10:37 -0700 (PDT)" Message-ID: Lines: 13 X-Mailer: Gnus v5.6.9/Emacs 19.34 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org dima@best.net (Dima Ruban) writes: > Make sure, lookup on both IP addresses on your interfaces gives you > _the same_ name. I don't think this is the problem. In MIT Kerberos 5, you can get a working multi-homed configuration by making sure that the hostname has A records for all it's interfaces. In Kerberos 4 (which we are dealing with here), only has room for one ip-address in the ticket, and the KDC chooses that address based on the ip-address the request was sent from. /Johan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message