I use Kerberos and SSSD for Active Directory authentication for our CentOS6 hosts.
We also use GSSAPI for SSH to delegate authentication with the Kerberos ticket so we don't need to use SSH keys.
The issue I am running into is that if I ssh to the hostname, passwordless authentication works great using GSSAPI. If I ssh to a virtual IP on the server, GSSAPI complains that the host is not in the Kerberos database.
I also have separate/different A records for my virtual IPs.
This is my original keytab.
# Note I have replaced my real domain name with MYDOMAIN for security reasons.
I have tried adding entries to the keytab using ktutil.
For example: add_entry -key -p host/sql01.u.m4.mydomain.com -k 2 -e arcfour-hmac
As you can see I have tried every combination of this.
Note that sql01.u.m4.mydomain.com is on the same system as m4deploy01.m4.mydomain.com, just a different A record pointing to a virtual IP on the system.
I have also added an Active Directory computer called "sql01", just like I have "m4deploy01" in Active Directory.