[33156] in Kerberos
Re: acceptor
daemon@ATHENA.MIT.EDU (Victor Sudakov)
Thu Jan 27 14:04:11 2011
From: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Date: Thu, 27 Jan 2011 04:42:26 +0000 (UTC)
Message-ID: <ihqt3h$25ga$1@relay.tomsk.ru>
X-Complaints-To: noc@sibptus.tomsk.ru
X-Comment-To: Greg Hudson <ghudson@MIT.EDU>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Greg Hudson wrote:
> >
> > Is there a generic way for a kerberized server to configure which
> > acceptor principal it will use from the keytab? Why is it so that e.g.
> > sshd uses a "host/foo" principal while svnserve uses a "svn/foo" principal?
> > Is it configured somewhere or hardcoded in the source? What if I
> > wanted sshd to use a "ssh/foo" principal?
> The choice of service principal is primarily made by the client.
> Typically the first component is determined by the application protocol.
Do you mean that the server will look up in the keytab whatever
principal the client has sent? So if I want a different principal
name, I should configure the client rather than the server?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
