Victor Sudakov vas at
Wed Jan 26 23:42:26 EST 2011

Greg Hudson wrote:
> > 
> > Is there a generic way for a kerberized server to configure which
> > acceptor principal it will use from the keytab? Why is it so that e.g. 
> > sshd uses a "host/foo" principal while svnserve uses a "svn/foo" principal?
> > Is it configured somewhere or hardcoded in the source? What if I
> > wanted sshd to use a "ssh/foo" principal?

> The choice of service principal is primarily made by the client.
> Typically the first component is determined by the application protocol.

Do you mean that the server will look up in the keytab whatever
principal the client has sent? So if I want a different principal
name, I should configure the client rather than the server?

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet

More information about the Kerberos mailing list