"host/localhost" Principal
ms419@freezone.co.uk
Fri Jan 2 02:03:35 EST 2004
If I try connecting to services running on the local machine using
"localhost", instead of the machine's hostname, Kerberos authentication
fails because the principal, "host/localhost" (or "ldap/localhost")
doesn't exist. On a mobile system running a slave KDC and LDAP server,
I sometimes have to connect using "localhost", when no other network
interfaces are available.
I perceive two solutions to this problem: 1) create a "host/localhost"
(or "ldap/localhost") principal and install it in every machine's
keytab. 2) change the reverse lookup of 127.0.0.1 from "localhost" to
the machine's hostname.
Are there any security issues with the first solution? Is either
solution advisable?
Thanks,
Jack