[1168] in Kerberos
re: Realm name conventions
daemon@ATHENA.MIT.EDU (Dave Edmondson)
Tue Nov 20 07:51:06 1990
To: Hilary Jones <hilary@snll-arpagw.llnl.gov>
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: hilary@snll-arpagw.llnl.gov's message of Mon, 19 Nov 90 08:55:43 -0800
Date: Tue, 20 Nov 90 09:41:17 +0000
From: Dave Edmondson <dme@doc.imperial.ac.uk>
hilary was enquiring about the relationship between domain names and
kerberos realms....
they do interact to some extent. if we leave aside the discussion of
how to decide whether to use big or little endian domain names (ask
any uk site about that), then i would say that it is easier if you
pick you realm to match your domain, especially if all of your hosts
used fully qualified domain names. at imperial we chose
`doc.ic.ac.uk' as both our domain name and realm, and have been bitten
by even that a few times. there is at least one place where when
trying to decide the realm of a machine (krb_realmofhost) the
machine's domain name is extracted from the hostname, and then the
whole string is capitalised. so, i would say, use the same realm name
as your domain name, and ensure that the realm name is capitalised
(DOC.IC.AC.UK). then you won't have to worry about any of these little
things.
dave.
---
Dave Edmondson, Systems Support. Opinions are all my own.
Department of Computing, Imperial College of Science, Technology and Medicine,
180 Queen's Gate, London SW7 1BZ. phone: 071-589-5111 x5085 fax: 071-581-8024
email: dme@doc.ic.ac.uk, ..!ukc!icdoc!dme, dme@athena.mit.edu
``Be selective, be objective, be an asset to the collective'' -- Jazzy B
