Is a Kerberos principal always a DNS name?
vas at mpeks.no-spam-here.tomsk.su
Thu Apr 24 22:07:32 EDT 2008
Booker Bense wrote:
> >Is a Kerberos principal always a DNS name? Can't an IP literal be used?
> It's whatever both sides of the connection argee that it should
> be BEFORE the connection is made. DNS names are used by default
> since that makes an easy out of band way to get both sides to agree.
> You can use IP addrs if you can wrangle both client and server
> software into using them. I'm not aware of any standard clients
> that will support that kind of usage though.
If we take for example an sshd server on a typical Unix host, how does
it figure out its own principal name? Suppose it has keys for
multiple principals in the keytab, which one would it choose?
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Kerberos