[29719] in Kerberos
Re: Is it necessary to assign hostname to slave KDC in small letters
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Wed Apr 23 11:28:41 2008
From: Ken Raeburn <raeburn@MIT.EDU>
To: "Juri Dakua" <jdakua@TechMahindra.com>
In-Reply-To: <089781E831473740B23334AE52636CD30F578A1B@SINBNGEX001.TechMahindra.com>
Message-Id: <D383D90C-31CE-487A-928B-85D6D829E2CE@mit.edu>
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Wed, 23 Apr 2008 11:26:11 -0400
Cc: kerberos@MIT.EDU
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
On Apr 23, 2008, at 10:51, Juri Dakua wrote:
> FYI: all goes well if I assign the hostname in small letters
> (testslave), create the host principal accordingly
> (host/testslave.techmbng.com) and configure DNS server to return the
> same on IP lookup (testslave.techmbng.com).
>
>> From this it seems like kprop tries to do database propagation
>> using the
> host principal for the FQDN with hostname in all small letters
> (testslave.techmbng.com) rather than the actual FQDN assigned.
>
> Is it mandatory to have to slave KDC hostname assigned with all small
> letters or am I missing something?
DNS is not case-sensitive. Kerberos requires a single, fixed binary
encoding of a name -- that is, the spelling of the name is case-
sensitive. The Kerberos library will take the name supplied and
convert it to lowercase. So you can tell your host its name in
whatever case you want, and you can enter it into DNS using whatever
case you want (the two need not match), but the Kerberos service
principal names must use the lowercase form (and, obviously, need not
match the other two).
Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
