Principal for service
Thomas A. La Porte
tlaporte at anim.dreamworks.com
Tue Feb 10 21:29:22 EST 2004
It mostly will depend on the clients that you are using, and what
service principle they are requesting. Some Kerberized ftp
clients will simply ask for a service ticket for the host's
principle (host/foo.example.com at EXAMPLE.COM). Others will ask for
a service ticket specific to the service
(imap/foo.example.com at EXAMPLE.COM, ftp/foo.example.com at EXAMPLE.COM,
ldap/foo.example.com at EXAMPLE.COM, etc.)
-- Tom
Thomas A. La Porte, DreamWorks SKG
<mailto:tlaporte at anim.dreamworks.com>
On 10 Feb 2004, Brian Lavender wrote:
>Do I have to create a principal for a service? I created a host
>principal and then a service principal, and then I added them to my
>keytab, but I am not sure if I had to add the service principal. This
>is for current Kerberos 5 from MIT.
>
>This is what I did.
>
>addprinc host/foo.example.com at EXAMPLE.COM
>addprinc ftp/foo.example.com at EXAMPLE.COM
>ktadd host/foo.example.com at EXAMPLE.COM
>ktadd ftp/foo.example.com at EXAMPLE.COM
>
>Is it necessary to add the service?
>
>brian
>________________________________________________
>Kerberos mailing list Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list