Operating System - HP-UX

Re: Kerberos fails when using two LAN cards - one unplugged

 
Enrico Venturi
Super Advisor

Kerberos fails when using two LAN cards - one unplugged

Hello colleagues,
I'm looking for some information to solve a problem I found on my system;
I'm using Kerberos B.11.11.02 on HP-UX 11i.
The platform has 2 LAN interfaces, namely: 151.98.20.1 and 151.98.20.128; netmasks are properly set to keep the two subnets separate.
When both interfaces are ON no problems are there; when the first of them, the one declared in the first row of /etc/hosts, is unplugged or disabled, then Kerberos doesn't properly work anymore: my application asks the AS to be authenticated; the AS grants it, then my application asks the TGT for having a ticket, but the TGT doesn't allow it because there's an inconsistency between the IP address declared by the AS and the IP address from which my application seems to be speaking.
Sorry to be confusing ...
When both LAN cards are unplugged then there aren't any problems.
But when the first of them is down then the TGT issues "error 6": it seems that the TGT perceives my application talking through LAN1 (the one still working) but the AS declared it was talking through LAN0.
The problem isn't present when using the Java client.
Any ideas?

Thanks
Enrico
Enrico Venturi
Super Advisor

Re: Kerberos fails when using two LAN cards - one unplugged

Just to be more clear:
LAN0 interface declared in the 1st row of /etc/hosts
LAN1 interface declared in the 2nd row.

* both LAN are UP -> OK
* both LAN are down -> OK
* LAN1 down -> OK
* LAN0 down -> NOT OK
Steven E. Protter
Exalted Contributor

Re: Kerberos fails when using two LAN cards - one unplugged

HP-UX will not allow you to have two lan cards up at the same time on the same network.

If your netmask is 255.255.255.0 you can't have both cards up on the same network:

Exceptions:
APA Port aggregation. That works with certain multi port cards and sometimes with multiple cards.

SG allows you to have a card ready for failover but not up and operational.

Last time I tried that my box dropped right off the network, so you're pretty lucky the box operates at all.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Andrew Cowan
Honored Contributor

Re: Kerberos fails when using two LAN cards - one unplugged

This sounds to me like Kerberos is doing a host to address lookup and because the hostname is bound to LAN0 it sees it as being down. From the symptoms you describe it seems that this lookup occurs before the routing table is consulted.

I am not sure why you want to disable LAN0, but if this is a real requirement and not just an experiment, could you try to bind the hostname to LAN1?
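
One way to test the hypothesis in the reply above, as an added example that is not part of the original thread: compare the addresses the local hostname resolves to with the source address the routing table selects for traffic to the KDC. `KDC_ADDR` is a placeholder, the function names are hypothetical, and the script assumes a Python interpreter is available on the client.

```python
"""Added diagnostic (not from the thread): compare the address the local
hostname resolves to with the source address the routing table picks for
traffic to the KDC. KDC_ADDR is a placeholder, not a value from the thread."""
import socket

KDC_ADDR = "192.0.2.10"   # placeholder (TEST-NET-1); replace with your KDC
KDC_PORT = 88             # standard Kerberos port


def hostname_addresses(hostname=None, resolver=socket.gethostbyname_ex):
    """IPv4 addresses the resolver returns for the local hostname."""
    name = hostname or socket.gethostname()
    try:
        return list(resolver(name)[2])
    except OSError:
        return []            # lookup failed


def source_address_for(dest, port=KDC_PORT):
    """Local address the kernel would use to reach dest.
    connect() on a UDP socket only selects a route; no packet is sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.connect((dest, port))
        return sock.getsockname()[0]
    except OSError:
        return None          # no route, e.g. every interface is down
    finally:
        sock.close()


def diagnose(name_addrs, source_addr):
    """Classify the relationship between the two views of 'my address'."""
    if source_addr is None:
        return "no-route"
    if not name_addrs:
        return "hostname-unresolved"
    return "consistent" if source_addr in name_addrs else "mismatch"


if __name__ == "__main__":
    names = hostname_addresses()
    src = source_address_for(KDC_ADDR)
    print("hostname resolves to:", names)
    print("source address toward KDC:", src)
    print("result:", diagnose(names, src))
```

A `mismatch` result with LAN0 down and `consistent` with both cards up would match the behaviour reported in the thread; rerunning after binding the hostname to LAN1 shows whether that suggestion removes the mismatch.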