Service principal with port number

Adam McLaurin adam.mclaurin at fastmail.fm
Thu Oct 18 21:04:44 EDT 2012


Hi Greg,

Thanks for the quick reply.

The issue arises when we have multiple authenticating web servers
running on the same host but under different user accounts. Out of
necessity the web servers will need to run on different ports, but as
far as I know the web browser simply "guesses" the SPN by constructing
it as "HTTP/<hostname>". Without the port number, I don't know how to
distinguish the SPN for one server versus another. Perhaps I'm wrong
about how the browser constructs the SPN - if so please correct me.

Thanks,
Adam


On Thu, Oct 18, 2012, at 11:32 AM, Greg Hudson wrote:
> On 10/18/2012 11:11 AM, Adam McLaurin wrote:
> > I'm trying to understand how to use gss_import_name() followed by
> > gss_acquire_cred() for a service principal with a port number.
> 
> RFC 2743 section 4.1 doesn't allow for a port number in hostbased
> service names, and we don't currently have any provisions in our code to
> account for one.
> 
> Can you explain more about why you need a port number?  We have an open
> bug which might be related to this issue, but probably need more detail
> in order to determine precisely what semantics we should have.
> 
> http://krbdev.mit.edu/rt/Ticket/Display.html?id=7389&user=guest&pass=guest
> 

