| 1 |
On 10/03/21 18:37, Grant Taylor wrote: |
| 2 |
> ACK |
| 3 |
> |
| 4 |
> By default, Kerberos includes IP restrictions in tickets. It chooses |
| 5 |
> the IP based on what the system returns. So if the system returns |
| 6 |
> 127.0.0.1 (or ::1) for the hostname, any tickets that use that IP will |
| 7 |
> be non-viable / useless anywhere but localhost. |
| 8 |
|
| 9 |
Could it be (I don't use Kerberos) this tricks Kerberos into associating |
| 10 |
127.0.0.1 with your FQDN, so it works for the first person to request |
| 11 |
it, and then breaks for everyone else? |
| 12 |
|
| 13 |
Also, bear in mind I think in certain setups /etc/hosts is redundant. |
| 14 |
Don't you specify somewhere a list of services to use to look up |
| 15 |
computer names, and if /etc/hosts is missing/disabled in that list, it |
| 16 |
gets ignored? |
| 17 |
|
| 18 |
Cheers, |
| 19 |
Wol |
Archives