Troubleshooting procedures for host-based authentication mechanisms

The host-based authentication mechanisms – Host-Based Authentication (HBA) and Enhanced Host-Based Authentication (HBA2) – rely upon the ability to resolve the IP address of a host to a host name, and to obtain a consistent host name value for a system throughout the cluster.

The trusted host list of the local system's host-based authentication mechanism is searched for an entry that matches the host name or IP address; the public key associated with that entry is then used to verify credentials. Authentication failures can result if the host-based authentication Mechanism Pluggable Modules or the ctcasd daemon are unable to resolve IP addresses, if the addresses are resolved in inconsistent ways throughout the cluster, or if differing host name values are obtained for the same system in different locations within the cluster.

These troubleshooting procedures are designed to be used between two separate nodes of a cluster that are experiencing authentication problems. These procedures use the terms nodeA and nodeB generically to refer to these nodes, where nodeA is initiating a request to nodeB, and an authentication problem occurs as a result. If the problem involves more than two nodes in the cluster, repeat these steps for each pairing of nodes that is experiencing the problem.

When performing these procedures, connect to the systems as the root user.
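The failure conditions described above can be modeled for one nodeA to nodeB pairing. The following is an added example, not code from the product or its documentation: it is a simplified model in which identities are compared as exact strings (an assumption), and every host name, address and key label in it is constructed sample data.

```python
# Added example: a simplified model of the lookup nodeB performs for nodeA.
# All host names, addresses and key labels are constructed sample data.

def first_name(hosts_table, ip):
    """Name a node's resolver returns for ip (first alias wins), or None."""
    names = hosts_table.get(ip, [])
    return names[0] if names else None

def diagnose(ip_a, name_a_self, key_a, resolver_b, thl_b):
    """Return a list of (code, detail) findings for a request nodeA -> nodeB.

    ip_a        address nodeA's request arrives from
    name_a_self host name nodeA obtains for itself
    key_a       label of nodeA's actual public key
    resolver_b  nodeB's address -> [names] view (hosts file or DNS answers)
    thl_b       nodeB's trusted host list: identity -> public key label
    """
    findings = []
    name_seen = first_name(resolver_b, ip_a)
    if name_seen is None:
        findings.append(("UNRESOLVED", f"nodeB cannot resolve {ip_a}"))
    elif name_seen != name_a_self:  # assumption: exact string comparison
        findings.append(("NAME_MISMATCH",
                         f"nodeA says {name_a_self}, nodeB sees {name_seen}"))
    # nodeB searches its list by the host name it obtained, or by address.
    candidates = [i for i in (name_seen, ip_a) if i is not None]
    hits = {i: thl_b[i] for i in candidates if i in thl_b}
    if not hits:
        findings.append(("NO_THL_ENTRY", f"no entry for {candidates}"))
    for identity, key in sorted(hits.items()):
        if key != key_a:
            findings.append(("KEY_MISMATCH", f"entry {identity} holds {key}"))
    return findings

def codes(findings):
    """Reduce findings to their codes for quick comparison."""
    return [code for code, _ in findings]

# Constructed scenarios.
IP_A, FQDN_A = "192.0.2.10", "nodea.example.com"
GOOD_RESOLVER = {IP_A: [FQDN_A, "nodea"]}
SHORT_RESOLVER = {IP_A: ["nodea", FQDN_A]}   # short name listed first on nodeB
THL_B = {FQDN_A: "pubkey-A"}                 # list holds only the long name

if __name__ == "__main__":
    for label, resolver in (("consistent", GOOD_RESOLVER),
                            ("short name first", SHORT_RESOLVER),
                            ("no resolution", {})):
        print(label, diagnose(IP_A, FQDN_A, "pubkey-A", resolver, THL_B))
```

The second scenario shows the common case where both nodes resolve the address but nodeB obtains the short name, so its list, which holds only the long name, yields no key.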