1 |
On 10/03/21 18:37, Grant Taylor wrote: |
2 |
> ACK |
3 |
> |
4 |
> By default, Kerberos includes IP restrictions in tickets. It chooses |
5 |
> the IP based on what the system returns. So if the system returns |
6 |
> 127.0.0.1 (or ::1) for the hostname, any tickets that use that IP will |
7 |
> be non-viable / useless anywhere but localhost. |
8 |
|
9 |
Could it be (I don't use Kerberos) this tricks Kerberos into associating |
10 |
127.0.0.1 with your FQDN, so it works for the first person to request |
11 |
it, and then breaks for everyone else? |
12 |
|
13 |
Also, bear in mind I think in certain setups /etc/hosts is redundant. |
14 |
Don't you specify somewhere a list of services to use to look up |
15 |
computer names, and if /etc/hosts is missing/disabled in that list, it |
16 |
gets ignored? |
17 |
|
18 |
Cheers, |
19 |
Wol |