host-based princname canon (Re: Null realms and servers)
Nicolas Williams
Nicolas.Williams at sun.com
Wed Dec 20 17:16:49 EST 2006
On Wed, Dec 20, 2006 at 03:26:49PM -0500, Ken Raeburn wrote:
> On Dec 20, 2006, at 13:04, Nicolas Williams wrote:
> > An algorithm for hostname canonicalization in krb5_get_credentials()
> > with search lists but w/o DNS:
> >
> > for (domain in searchlist) {
> > if (get_svc_ticket(fqdn = short_form_hostname || '.' || domain))
> > return (fqdn);
> > }
> >
> > return (short_form_hostname || '.' || searchlist[0]);
>
> So if the name exists in multiple domains in the search list, the
> result here depends on whether the service in question is available
> on any of those hosts. Or do you want to try something common like
> "host" for hostname resolution, and then go back and try to get the
> service ticket?
Yes.
More information about the krbdev
mailing list