Use of FQDN in key (Was: Solaris 10)
Ken Raeburn
raeburn at MIT.EDU
Tue Jan 10 04:40:42 EST 2006
On Jan 10, 2006, at 03:27, Turbo Fredriksson wrote:
> Quoting "Douglas E. Engert" <deengert at anl.gov>:
>> The kadmin/icarus@PHUSNIKN.NET should be
>> kadmin/icarus.phusnikn.net@PHUSNIKN.NET
>> i.e. host names in Kerberos are always FQDN.
>
> Just for completeness, my extreme curiosity etc. Why EXACTLY is that?
> If the DNS works perfectly (both forward and reverse), then it should
> be possible to NOT have the FQDN... ?
There may be hosts from multiple subdomains in one realm. For
example, foo.dev.example.com and foo.sales.example.com; if you use
only the first component, host/foo@EXAMPLE.COM corresponds to which...?
> And why not use IPs (other than if the IP changes, the
> key is invalid)?
Isn't that a pretty good reason right there?
Also, a host may have multiple IP addresses. (Then again, it may
also have multiple names....)
Ken
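
Added example, not part of the original message: a small Python audit of a principal listing that flags host instances given as a short name or an IP address, and shows which FQDN principals would collapse onto the same name if only the first component were used. The sample principals are constructed from the names in the thread; the function names are hypothetical, and the check assumes every `service/instance` principal passed in is host-based.

```python
import ipaddress
from collections import defaultdict

# Constructed sample listing (names taken from the thread; the IP is from a
# documentation range). Assumption: every service/instance entry is host-based.
SAMPLE_PRINCIPALS = [
    "host/foo.dev.example.com@EXAMPLE.COM",
    "host/foo.sales.example.com@EXAMPLE.COM",
    "host/bar.dev.example.com@EXAMPLE.COM",
    "kadmin/icarus@PHUSNIKN.NET",
    "host/192.0.2.10@EXAMPLE.COM",
    "alice@EXAMPLE.COM",
]

def split_principal(principal):
    """Return (service, instance, realm); instance is None for user principals."""
    name, _, realm = principal.rpartition("@")
    service, sep, instance = name.partition("/")
    return service, (instance if sep else None), realm

def classify_instance(instance):
    """Classify the host part of a principal as 'ip', 'short' or 'fqdn'."""
    try:
        ipaddress.ip_address(instance)
        return "ip"
    except ValueError:
        return "fqdn" if "." in instance.strip(".") else "short"

def audit(principals):
    """Return (findings, collisions).

    findings:   principal -> 'short' or 'ip' for instances that are not FQDNs.
    collisions: short-form principal -> the FQDN principals it would stand for.
    """
    findings, by_short = {}, defaultdict(set)
    for p in principals:
        service, instance, realm = split_principal(p)
        if instance is None:          # user principal, nothing to check
            continue
        kind = classify_instance(instance)
        if kind != "fqdn":
            findings[p] = kind
        else:
            short = instance.split(".", 1)[0].lower()
            by_short[f"{service}/{short}@{realm}"].add(p)
    collisions = {k: sorted(v) for k, v in by_short.items() if len(v) > 1}
    return findings, collisions

if __name__ == "__main__":
    for item in audit(SAMPLE_PRINCIPALS):
        print(item)
```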