Hi, This is a multiple possible mailing list question, but I thought I'd try here first...
We are using an older version of openssh with Simon Wilkinson's gssapi patch, and a locally maintained version of mit kerberos. We have some linux systems behind a load balancer, which are having problems getting afs tickets. The systems behind the load balancer are configured with the external ip address client machines think they are connected to bound to a loopback device. They have a host principal for this name installed. Clients can authenticate correctly, but if they log in with an addressless ticket they are ending up with a tgt with the ip they connected to in their cache, which seems to be preventing getting an afs token. When connecting with telnet they are getting an addressless tgt and can successfully get an afs token. Anyone seen this situation come up before or have any suggestions? thanks, -kevin ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
