'host' principals

Jeff Blaine jblaine at kickflop.net
Mon Jan 8 20:45:55 EST 2007


[ Really embarrassing complete brain failure ]

When I played with MIT Kerberos 1.4.3 11 months ago, I understood
this concept.  Apparently I'm not aging gracefully, as I can't
seem to find the documentation that got me through it.

I see no real explanation of 'host' principals in the MIT
docs.  There are references to creating them for slave KDCs,
but I'm kind of left scratching my head at the concept.

In the case of the slave KDC, I can understand the situation.
The slave KDC process needs to auth itself to the KDC in order
to receive database propagations... right?

It's my understanding that any Kerberos application server
(let's say we're going to offer FTP service) needs to have
a host principal for the FTP server host *in addition to*
an ftp/whatever principal.  Why?  I am clearly failing to
remember something incredibly simple that is not spelled out
well in the docs.


