principal for ftp service ---> Can I use anything other than ftp/fqdn@REALM ?
sandypossible@gmail.com
Sat Apr 22 01:45:13 EDT 2006
Hi all,

I have a query regarding the usage of Kerberos principals of the
format "<service>/<FQDN>@<REALM>". My question is: can I use any
principal format other than <service>/<FQDN>@<REALM>? The
<service>/<FQDN>@<REALM> format is the common convention used.

To give an example, say I am using a kerberized ftp
application. As of now, the keytab entries and the service entry on the KDC
have the ftp principal in the format ftp/fqdn@REALM. I am able
to successfully make an ftp connection using Kerberos.

My requirement is to avoid use of the fqdn. Can I do it? Can I use a
principal of my convenience? I have noticed that when I start the ftp
client, by default it tries to get a TGS of the form ftp/fqdn@REALM. If I
have a different entry for the ftp service in the KDC, this will definitely
fail. So does this requirement require changes in the ftp server code and
client code?

1) First of all, can I do it this way (using an ftp principal other than the
standard method of using the fqdn)?
2) Could anybody please tell me what issues are involved here?
3) Issues involved when all the systems in the realm are non-Windows
machines.
4) Interoperability issues, like when I use an ftp server on Linux and try
to connect to it from a Windows machine.

Regards,
Sandy.