Use of FQDN in key (Was: Solaris 10)

Turbo Fredriksson turbo at bayour.com
Tue Jan 10 03:27:19 EST 2006


Quoting "Douglas E. Engert" <deengert at anl.gov>:

> The kadmin/icarus at PHUSNIKN.NET should be kadmin/icarus.phusnikn.net at PHUSNIKN.NET
> i.e. host names in Kerberos are always FQDN.

Just for completeness, my extream curiosity etc. Why EXACTLY is that. If the
DNS works perfectly (both forward and reverse), then it should be possible to
NOT have the FQDN... ? And why not use IP's (other than if the IP change, the
key is invalid)?



More information about the Kerberos mailing list