hostname for services vs. IP address
Chris Hecker
checker at d6.com
Tue Aug 9 03:56:19 EDT 2011
I want to have a UDP broadcast for the local subnet that looks for
services on machines that won't necessarily have a hostname in any
meaningful way (in other words, they'll have a hostname, but it's not
going to be in any kind of DNS, so I'll be connecting by raw IP), and
potentially a service directory that needs to be able to point to
machines by IP address. What's the right way to do service principals
in this case? Is service/129.168.1.5 a valid service principal? If
not, do I need to reply to queries about these machines with the
hostname they think they are, so the client can ask the KDC for a ticket
with that hostname?
More concretely:
- host a sends out a UDP broadcast
- host b replies, currently with its listen ip address and port
- host a connects to b by ip:port
or, alternatively:
- host a contacts the directory
- the directory sends a a list of ip addresses and ports
- host a picks one and connects to ip:port
Now, how to kerberize this? The directory is trivially kerberizable
because it's at directory.example.com, but, what to return on queries,
whether UDP broadcast or directory queries? Do I have to return the
ip:port:hostname, so the client can form service/hostname@REALM and ask
the KDC for a ticket?
Thanks,
Chris
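As an added illustration of the second scheme the post sketches (the discovery reply carries ip:port:hostname, the client connects by IP but names the service by hostname), here is example code that is not part of the original message or of any Kerberos distribution. It assumes a constructed reply layout (magic, port, IPv4 address, hostname) that exists only for this example; it only builds the service/hostname@REALM string and the socket address, it does not request a ticket, and it validates the advertised hostname before interpolating it into the principal name so a reply from the broadcast domain cannot inject separators into the name.

```python
import ipaddress
import re
import struct

# Constructed discovery-reply layout for this example (not a real protocol):
#   4 bytes magic | 2 bytes port | 4 bytes IPv4 | 1 byte name length | name
# Host b advertises the hostname it believes it has so host a can build a
# principal name without needing DNS.
MAGIC = b"SVC1"
HEADER = struct.Struct("!H4sB")

# RFC 1123-style hostname: dot-separated labels of letters, digits, hyphens,
# no leading/trailing hyphen, at most 253 characters overall.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$"
)


def encode_reply(ip, port, hostname):
    """Host b's side: pack listen address, port and advertised hostname."""
    name = hostname.encode("ascii")
    if len(name) > 255:
        raise ValueError("hostname too long for 1-byte length field")
    packed = ipaddress.IPv4Address(ip).packed
    return MAGIC + HEADER.pack(port, packed, len(name)) + name


def decode_reply(data):
    """Host a's side: parse and validate a reply; raises ValueError on bad input."""
    if not data.startswith(MAGIC) or len(data) < 4 + HEADER.size:
        raise ValueError("not a discovery reply")
    port, packed, n = HEADER.unpack_from(data, 4)
    name = data[4 + HEADER.size:4 + HEADER.size + n]
    if len(name) != n:
        raise ValueError("truncated hostname")
    hostname = name.decode("ascii", errors="strict").rstrip(".").lower()
    if not HOSTNAME_RE.match(hostname):
        raise ValueError("advertised hostname is not a valid hostname")
    return str(ipaddress.IPv4Address(packed)), port, hostname


def service_principal(service, hostname, realm):
    """Form service/hostname@REALM; hostname has already been validated so it
    cannot carry '/', '@' or whitespace into the principal name."""
    return f"{service}/{hostname}@{realm}"


def resolve_target(data, service, realm):
    """Return where to connect (IP:port) and which principal to ask the KDC for,
    or None if the reply is malformed."""
    try:
        ip, port, hostname = decode_reply(data)
    except (ValueError, UnicodeDecodeError):
        return None
    return {"connect": (ip, port),
            "principal": service_principal(service, hostname, realm)}


if __name__ == "__main__":
    # Constructed sample exchange: host b answers the broadcast, host a parses it.
    reply = encode_reply("192.168.1.5", 8443, "nodeb.example.com")
    print(resolve_target(reply, "myservice", "EXAMPLE.COM"))
```

The transport address and the Kerberos name are kept as two separate fields on purpose: the socket uses the IP, the ticket request uses the hostname, and a reply whose hostname fails validation is dropped rather than partially trusted.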