If I try connecting to services running on the local machine using "localhost", instead of the machine's hostname, Kerberos authentication fails because the principal "host/localhost" (or "ldap/localhost") doesn't exist. On a mobile system running a slave KDC and LDAP server, I sometimes have to connect using "localhost", when no other network interfaces are available.

I perceive two solutions to this problem: 1) create a "host/localhost" (or "ldap/localhost") principal and install it in every machine's keytab. 2) change the reverse lookup of 127.0.0.1 from "localhost" to the machine's hostname.

Are there any security issues with the first solution? Is either solution advisable?

Thanks,

Jack

________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
