GSS_C_NO_NAME for desired_name?

Russ Allbery rra at stanford.edu
Sat Jan 1 13:08:55 EST 2011


Brian Candler <B.Candler at pobox.com> writes:

> So if I understand it right, there isn't a problem with allowing a service
> to decrypt a ticket using any key in the keytab.  The problem is putting
> multiple service principals' keys in the same keytab in the first place.

> Does that make sense?

Yeah, that's the general consensus of most of us who run Kerberos, which
is the reason why people generally don't worry very much about software
accepting any key in the keytab.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list