Principal for service

Russ Allbery rra at stanford.edu
Tue Feb 10 21:48:20 EST 2004


Brian Lavender <brian at brie.com> writes:

> Do I have to create a principal for a service? I created a host
> principal and then a service principal, and then I added them to my
> keytab, but I am not sure if I had to add the service principal. This is
> for current Kerberos 5 from MIT.

> This is what I did.

> addprinc host/foo.example.com@EXAMPLE.COM
> addprinc ftp/foo.example.com@EXAMPLE.COM
> ktadd host/foo.example.com@EXAMPLE.COM
> ktadd ftp/foo.example.com@EXAMPLE.COM

> Is it necessary to add the service?

It depends entirely on what your ftp server and client are using to do
authentication.  It looks like the version that comes with MIT tries
ftp/hostname.example.com and then falls back on host/hostname.example.com
if the former doesn't exist.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
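
A way to check a keytab against the lookup order described in the reply above (an added example, not part of the original thread): the function reads `klist -k` output on stdin and reports the first of ftp/ then host/ that has a key for the given host. The helper names and the sample listing are constructed, and it assumes the server's keytab must hold a key for whichever principal ends up being used.

```shell
#!/bin/sh
# pick_ftp_principal FQDN REALM
# Hypothetical helper: reads `klist -k` output on stdin and prints the first
# principal, in the order ftp/ then host/, that has a key in the listing.
# Returns non-zero when neither is present.
pick_ftp_principal() {
    fqdn=$1
    realm=$2
    # Key entries are the lines whose first field is a numeric KVNO;
    # the principal name is the second field. Header lines are skipped.
    princs=$(awk '$1 ~ /^[0-9]+$/ { print $2 }')
    for svc in ftp host; do
        want="$svc/$fqdn@$realm"
        # -F: fixed string, -x: whole-line match, so foo.example.com does
        # not match foo.example.com.evil or a different realm.
        if printf '%s\n' "$princs" | grep -Fqx "$want"; then
            printf '%s\n' "$want"
            return 0
        fi
    done
    echo "no ftp/ or host/ key for $fqdn@$realm in keytab" >&2
    return 1
}

# Constructed sample of `klist -k` output for the keytab built in the question.
sample_keytab_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/foo.example.com@EXAMPLE.COM
   3 ftp/foo.example.com@EXAMPLE.COM
EOF
}

# With both keys present the service-specific principal is selected.
sample_keytab_listing | pick_ftp_principal foo.example.com EXAMPLE.COM
```

On a real host the input would come from `klist -k /etc/krb5.keytab` instead of the sample function.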

