Host principals
Sam Hartman
hartmans at MIT.EDU
Tue May 4 12:59:16 EDT 2004
>>>>> "Neulinger," == Neulinger, Nathan <nneul at umr.edu> writes:
Neulinger,> Host principals are not for the host to authenticate,
Neulinger,> it's for users to authenticate to that host. i.e. ssh
Neulinger,> w/ gssapi, krb telnet, krb ftp, etc.
No, it is for both.
No, actually host principals serve three purposes:
1) The one Nathan mentions--authenticating to the host.
2) Verifying local logins to the host--even on the console. This is
really a subset of 1, but is important even for hosts that you
don't want to ssh into.
3) For the host to authenticate as itself in order to connect to other
services. For example, you typically run backups and other
host-based services like that authenticated as the host.
Note that purposes 2 and 3 only require the host have some principal,
not that the principal match the current hostname.
--Sam
More information about the Kerberos
mailing list