Kerberos - /etc/hosts can be a killer.
My own private war is with my habits. So often when testing web services, I will setup a name in /etc/hosts allowing a quick and dirty approach to debugging, test, or whatever.
I use kerberos and this is a problem, considering that I added this:
198.145.247.218 test.asylumware.com
When you connect to a kerberized host with SSH, the Kerb client does a PTR lookup on the forward resolved IP address. This name is 'who' it will look for a ticket from when connecting.
After months of work, suddenly I could not longer auth via kerberos. I couldn't see the problem, and I couldn't remember where to look. "ssh -v menionus@embassy.asylumware.com" reveals 'Server Not Found in Kerberos Database', and it's freaky, puzzling and can be depressing. Always look in the KDC log, it will show the violating requests.
root@embassy # cat krb5kdc.log |grep -i 'server not found'
Jul 26 14:56:04 embassy krb5kdc[7482](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) XX.XX.XX.XX: UNKNOWN_SERVER:
authtime 1153950097, menionus@ASYLUMWARE.COM for host/test.asylumware.com@ASYLUMWARE.COM, Server not found in Kerberos database
Jul 26 14:56:45 embassy krb5kdc[7482](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) XX.XX.XX.XX: UNKNOWN_SERVER:
authtime 1153950097, menionus@ASYLUMWARE.COM for host/test.asylumware.com@ASYLUMWARE.COM, Server not found in Kerberos database
Jul 26 14:56:45 embassy krb5kdc[7482](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) XX.XX.XX.XX: UNKNOWN_SERVER:
authtime 1153950097, menionus@ASYLUMWARE.COM for host/test.asylumware.com@ASYLUMWARE.COM, Server not found in Kerberos database
Here is the hack to avoid the problem.
198.145.247.218 embassy.asylumware.com testserver.myplace.com otherserver.myplace.comProblem Solved. =)