krb5_sname_to_principal or LDAP/SASL/GSSAPI and reverse DNS

[Nicolas Williams]

On Wed, Apr 09, 2003 at 12:30:02PM -0400, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
> 
>     Nicolas> Anyone doing any take-over-the-identity-and-resources
>     Nicolas> sort of high availability with protocols that use
> 
> Yes, but a lot of us are talking about clustered services without this
> property.

Sharing the replay caches via a shared filesystem global to the cluster
still applies.

I realize that setting up such a thing may not always be easy, but
kerberized cluster services are a very good reason to do it and it can
be done with miniscule changes to MIT krb5.  I'd certainly like to see
anyone asking for reverse lookup canonicalization of host-based princ
names try it.

Cheers,

Nico
--