Re: Problem with name resolving, or what?

[Mans Nilsson <mansaxel@sunet.se>]

Subject: Re: Problem with name resolving, or what? Date: Thu, Jun 06, 2002 at 10:39:24PM +0200 Quoting Thomas Nystrom (thn@saeab.se):
> Try to do a 'klist -v', you will then see which IP-addresses are put in
> the different tickets. Also try to do that AFTER you fails to login to see
> what tickets you have after the fail (and with which tickets).
> 
> When you request a ticket with Krb5 the client will need to put in the
> IP-address and if you client for some reason have the wrong idea of what
> its IP-address is (like when using NAT) then it will fail. By using 'klist
> -v' you can see what the client really have put in the tickets.

Already did this -- suggested by Love. The clients address shows
up in all tickets -- both before and after a failed login. As I
wrote I do believe I've done my homework; DNS works, no strange
networking (two machines on the same switch, and in the same broadcast
domain are both KDC and resolv server...) 

One idea though: I do have IPv6 enabled (as in v6-aware stacks and
autoconfig enabled, but no other infrastructure support) on both
hosts. Could it be that this interferes even though all on-the-wire
communication is done over v4 (sniffed and checked, yup), perhaps
as in garbled responses to gethostbyname() or similar?

...still baffled..
-- 
Måns Nilsson		Systems Specialist
+46 70 681 7204		KTHNOC
			MN1334-RIPE

And furthermore, my bowling average is unimpeachable!!!