"host/localhost" Principal
Luke Howard
lukeh at PADL.COM
Fri Jan 2 04:06:45 EST 2004
What about using a dummy network interface with a private, non-
loopback, IP address? This is pretty much what I do on my laptop.
-- Luke
>From: ms419 at freezone.co.uk
>Subject: "host/localhost" Principal
>To: kerberos at mit.edu
>Cc: Sam Hartman <hartmans at debian.org>
>Date: Thu, 1 Jan 2004 23:03:35 -0800
>
>If I try connecting to services running on the local machine using
>"localhost", instead of the machine's hostname, Kerberos authentication
>fails because the principal, "host/localhost" (or "ldap/localhost")
>doesn't exist. On a mobile system running a slave kdc and LDAP server,
>I sometimes have to connect using "localhost", when no other network
>interfaces are available.
>
>I perceive two solutions to this problem: 1) create a "host/localhost"
>(or "ldap/localhost") principal and install it in every machine's
>keytab. 2) change the reverse lookup of 127.0.0.1 from "localhost" to
>the machine's hostname.
>
>Are there any security issues with the first solution? Is either
>solution advisable?
>
>Thanks,
>
>Jack
>
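Added example, not part of the original thread: a simplified Python model of why typing "localhost" makes the client ask for ldap/localhost, and what each option discussed above changes. The realm, hostname, addresses, fleet names and the forward-then-reverse lookup model are assumptions made for illustration.

```python
# Simplified model (assumption: forward lookup followed by reverse lookup,
# as a Kerberos client does when canonicalizing a host-based service name).
REALM = "EXAMPLE.ORG"            # constructed realm
HOST = "mobile.example.org"      # constructed laptop hostname

def service_principal(service, typed_name, forward, reverse):
    """Build service/canonical-host@REALM from the name the user typed."""
    addr = forward[typed_name.lower()]                 # name -> address
    canonical = reverse.get(addr, typed_name).lower()  # address -> name
    return f"{service}/{canonical}@{REALM}"

def can_authenticate(service, typed_name, forward, reverse, keytab):
    """The server accepts a ticket only if its keytab holds that principal's key."""
    return service_principal(service, typed_name, forward, reverse) in keytab

def hosts_accepting(principal, keytabs):
    """Every machine whose keytab holds the key can accept tickets for the principal."""
    return sorted(h for h, kt in keytabs.items() if principal in kt)

# Constructed keytab contents for the laptop.
KEYTAB = {f"host/{HOST}@{REALM}", f"ldap/{HOST}@{REALM}"}

# Stock resolver data: loopback reverse-resolves to "localhost".
STOCK = ({"localhost": "127.0.0.1"}, {"127.0.0.1": "localhost"})
# Option 2 in the question: 127.0.0.1 reverse-resolves to the hostname.
OPTION2 = ({"localhost": "127.0.0.1"}, {"127.0.0.1": HOST})
# Dummy interface (constructed private address): the hostname resolves
# locally, so the user types the hostname and never needs "localhost".
DUMMY = ({"localhost": "127.0.0.1", HOST: "192.168.254.1"},
         {"127.0.0.1": "localhost", "192.168.254.1": HOST})

# Option 1: the same ldap/localhost key installed in every machine's keytab.
SHARED = f"ldap/localhost@{REALM}"
FLEET = {"mobile": KEYTAB | {SHARED}, "desktop": {SHARED}, "server": {SHARED}}

if __name__ == "__main__":
    print(service_principal("ldap", "localhost", *STOCK))
    print(can_authenticate("ldap", "localhost", *STOCK, KEYTAB))
    print(can_authenticate("ldap", "localhost", *OPTION2, KEYTAB))
    print(can_authenticate("ldap", HOST, *DUMMY, KEYTAB))
    print(hosts_accepting(SHARED, FLEET))
```

With option 1 the principal no longer names a single machine: every host holding the shared key can accept a ticket issued for it, so the client cannot tell which machine it authenticated to.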