[29759] in Kerberos
Re: Is a Kerberos principal always a DNS name?
daemon@ATHENA.MIT.EDU (Victor Sudakov)
Thu Apr 24 22:31:32 2008
From: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Date: Fri, 25 Apr 2008 02:07:32 +0000 (UTC)
Message-ID: <fured4$vvq$3@relay.tomsk.ru>
X-Complaints-To: noc@sibptus.tomsk.ru
X-Comment-To: bbense@slac.stanford.edu (Booker Bense)
To: kerberos@mit.edu
Booker Bense wrote:
> >
> >Is a Kerberos principal always a DNS name? Can't an IP literal be used?
> >
> It's whatever both sides of the connection agree that it should
> be BEFORE the connection is made. DNS names are used by default
> since that makes an easy out of band way to get both sides to agree.
> You can use IP addrs if you can wrangle both client and server
> software into using them. I'm not aware of any standard clients
> that will support that kind of usage though.
If we take for example an sshd server on a typical Unix host, how does
it figure out its own principal name? Suppose it has keys for
multiple principals in the keytab, which one would it choose?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos