Principal for service

Thomas A. La Porte tlaporte at anim.dreamworks.com
Tue Feb 10 21:29:22 EST 2004


It mostly will depend on the clients that you are using, and what 
service principle they are requesting. Some Kerberized ftp 
clients will simply ask for a service ticket for the host's 
principle (host/foo.example.com at EXAMPLE.COM). Others will ask for 
a service ticket specific to the service 
(imap/foo.example.com at EXAMPLE.COM, ftp/foo.example.com at EXAMPLE.COM,
ldap/foo.example.com at EXAMPLE.COM, etc.)

 -- Tom

Thomas A. La Porte, DreamWorks SKG
<mailto:tlaporte at anim.dreamworks.com>          

On 10 Feb 2004, Brian Lavender wrote:

>Do I have to create a principal for a service? I created a host
>principal and then a service principal, and then I added them to my
>keytab, but I am not sure if I had to add the service principal. This
>is for current Kerberos 5 from MIT.
>
>This is what I did.
>
>addprinc host/foo.example.com at EXAMPLE.COM
>addprinc ftp/foo.example.com at EXAMPLE.COM
>ktadd host/foo.example.com at EXAMPLE.COM 
>ktadd ftp/foo.example.com at EXAMPLE.COM
>
>Is it necessary to add the service?
>
>brian
>________________________________________________
>Kerberos mailing list           Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>



More information about the Kerberos mailing list