[krbdev.mit.edu #8332] gss_init_sec_context w/host@<hostname> fails with anonymous tickets
Russ Allbery via RT
rt-comment at krbdev.mit.edu
Thu Dec 24 12:24:21 EST 2015
"Greg Hudson via RT" <rt-comment at krbdev.mit.edu> writes:
> We do have a hostrealm pluggable interface starting in 1.12, so in
> theory you could write a hostrealm module which supplies the service
> principal realm as an authoritative realm, perhaps using wildcard
> matching. Deploying such a module to all of the clients may not be
> attractive, depending on your environment.
Oh, interesting, thank you. That may very well be an option for us.
--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the krb5-bugs
mailing list