Turning off hostname canonicalisation
Henry B. Hotz
hotz at jpl.nasa.gov
Mon Sep 12 14:16:08 EDT 2005
OK.
As implied by my question, I think it should be settable by "service".
I can imagine needing one setting to support the SPNEGO stuff for web,
but a different setting for kerberized telnet. Hope that doesn't make
it "really hard" to do right though.
On Sep 12, 2005, at 10:14 AM, Jeffrey Altman wrote:
> The answer is 'no'. Settings in [appdefaults] are not for reading by
> the Kerberos libraries. They are for reading by the application.
>
> Jeffrey Altman
>
>
> Henry B. Hotz wrote:
>
>> As another branch of this subject tree: The option being discussed is
>> for [libdefaults]. Will the parsing code pick it up in [appdeafaults]
>> as well? I would imagine that different app's might be coded
>> differently and might need different behavior to work correctly.
>>
>> On Sep 12, 2005, at 9:02 AM, krbdev-request at mit.edu wrote:
>>
>>> Without
>>> canonicalisation I would need to create keytab for app.test.com and
>>> distribute to every system, which can be painful in a bigger
>>> environment. So
>>> I see a need to keep canonicalisation on a service by service case
>>> and not
>>> as a global switch.
>>
>> ----------------------------------------------------------------------
>> --
>> ----
>> The opinions expressed in this message are mine,
>> not those of Caltech, JPL, NASA, or the US Government.
>> Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
>>
>> _______________________________________________
>> krbdev mailing list krbdev at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/krbdev
>>
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list