[29936] in Kerberos


Re: Problem with duplication of hostname

daemon@ATHENA.MIT.EDU (Danny Mayer)
Sun Jun 8 23:33:52 2008

Message-ID: <484CA402.2000206@ntp.isc.org>
Date: Sun, 08 Jun 2008 23:31:14 -0400
From: Danny Mayer <mayer@ntp.isc.org>
MIME-Version: 1.0
To: Andrea Cirulli <acirulli@gmail.com>
In-Reply-To: <191a80d00806060101o2b4bf739l6b20acf3162ae508@mail.gmail.com>
X-kostecke.net-MailScanner-From: mayer@ntp.isc.org
Cc: kerberos@mit.edu
Reply-To: mayer@ntp.isc.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Andrea Cirulli wrote:
> Hi all,
> 
> I set up Kerberos on a big environment, let's say 1300 servers. We have
> one Master Kerberos and 16 Slaves. We have this problem: the environment is
> commercial so we are a little bit constrained, we are not allowed to use DNS
> nor any kind of host centralization.

Why not? DNS needs to be part of your basic infrastructure. 1300 servers
is unmanageable without it.

> We are facing the problem that
> some servers can have the same hostname. My question is: is there a way to
> have multiple keys (host principals) having two servers with the same hostname?
> 

It's most unlikely that this will work, nor do you want this to work.

> For example, let's say we have two servers called host_pippo; on the KDC side
> we create host/host_pippo@REALM. This principal can be used for both the
> hosts with hostname host_pippo. Is there any workaround to discriminate
> servers with the same hostname?
> 

How are you going to do that? You should never allow a host with the 
same name in a domain. You could use the IP addresses I guess but what's 
the point of that?

> I know that Kerberos without DNS managing thousands of systems can be
> dangerous but we have no choice :-(, so any valid workaround would be
> helpful :-D
> 

How about explaining why you cannot use DNS?

Danny

> Thanks in advance.
> 

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
