From owner-freebsd-security  Tue Jul  7 12:22:47 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA19694
          for freebsd-security-outgoing; Tue, 7 Jul 1998 12:22:47 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from blubb.pdc.kth.se (blubb.pdc.kth.se [193.10.159.47])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id MAA19678
          for <security@freebsd.org>; Tue, 7 Jul 1998 12:22:42 -0700 (PDT)
          (envelope-from joda@pdc.kth.se)
Received: from joda by blubb.pdc.kth.se with local (Exim 1.71 #3)
	id 0ytdJa-00030z-00; Tue, 7 Jul 1998 21:22:10 +0200
To: dima@best.net
Cc: ludwigp@bigfoot.com (Ludwig Pummer), security@FreeBSD.ORG
Subject: Re: kerberos su problems betw 2 machines
References: <199807071910.MAA04769@burka.rdy.com>
X-Emacs: 19.34
Mime-Version: 1.0 (generated by SEMI MIME-Edit 0.77)
Content-Type: text/plain; charset=US-ASCII
From: joda@pdc.kth.se (Johan Danielsson)
Date: 07 Jul 1998 21:22:10 +0200
In-Reply-To: dima@best.net's message of "Tue, 7 Jul 1998 12:10:37 -0700 (PDT)"
Message-ID: <xof3ecd5uvx.fsf@blubb.pdc.kth.se>
Lines: 13
X-Mailer: Gnus v5.6.9/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

dima@best.net (Dima Ruban) writes:

> Make sure, lookup on both IP addresses on your interfaces gives you
> _the same_ name.

I don't think this is the problem. In MIT Kerberos 5, you can get a
working multi-homed configuration by making sure that the hostname has
A records for all it's interfaces. In Kerberos 4 (which we are dealing
with here), only has room for one ip-address in the ticket, and the
KDC chooses that address based on the ip-address the request was sent
from.

/Johan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message