I use Kerberos and SSSD for Active Directory authentication for our CentOS 6 hosts.
We also use GSSAPI for SSH to delegate authentication with the Kerberos ticket so we don't need to use SSH keys.
The issue I am running into is that if I ssh to the hostname, passwordless authentication works great using GSSAPI. If I ssh to a virtual IP on the server, GSSAPI complains that the host is not in the Kerberos database.
I also have separate/different A records for my virtual IPs.
This is my original keytab.
# Note I have replaced my real domain name with MYDOMAIN for security reasons.
I have tried adding entries to the keytab using ktutil,
for example: add_entry -key -p host/sql01.u.m4.mydomain.com -k 2 -e arcfour-hmac
As you can see, I have tried every combination of this.
Note that sql01.u.m4.mydomain.com is on the same system as m4deploy01.m4.mydomain.com; it is just a different A record pointing to a virtual IP on the system.
I have also added an Active Directory computer called "sql01", just like I have "m4deploy01" in Active Directory.