Possible to use only IP addresses in MIT Kerberos (ie: disable DNS name resolution)?
Jeremy Hunt
jeremyh at optimation.com.au
Sun Nov 27 17:27:52 EST 2005
Including the following entry in the libdefaults section of krb5.conf
dns_lookup_kdc = false
will probably work.
and if you don't want dns for the realm either, then add the following
entry as well:
dns_lookup_realm = false
See /krb5/man/man5/krb5.conf.5 for details.
rchowneltura at hotmail.com wrote:
> [safeTgram (optim1) receive status: NOT encrypted, NOT signed.]
>
>
> Hi, I am investigating kerberizing of our application using
> MIT Kerberos5. Due to the nature of our application,
> we cannot use DNS and must use host IP addresses
> instead of hostnames during authentication.
>
> However (I'm a Kerberos newbie), there doesn't seem
> to be a way to disable name resolution. For example,
> I can't specify IP addresses for the KDC/kadmind
> host in krb5.conf, it doesn't seem to work.
>
> Has anybody had success in configuring only IP addresses
> in MIT Kerberos5, or perhaps give me any tips?
>
> Thanks, Richard
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
>
>
More information about the Kerberos
mailing list