What about using a dummy network interface with a private, non-loopback IP address? This is pretty much what I do on my laptop.

-- Luke

>From: [EMAIL PROTECTED]
>Subject: "host/localhost" Principal
>To: [EMAIL PROTECTED]
>Cc: Sam Hartman <[EMAIL PROTECTED]>
>Date: Thu, 1 Jan 2004 23:03:35 -0800
>
>If I try connecting to services running on the local machine using
>"localhost", instead of the machine's hostname, Kerberos authentication
>fails because the principal, "host/localhost" (or "ldap/localhost")
>doesn't exist. On a mobile system running a slave kdc and LDAP server,
>I sometimes have to connect using "localhost", when no other network
>interfaces are available.
>
>I perceive two solutions to this problem: 1) create a "host/localhost"
>(or "ldap/localhost") principal and install it in every machine's
>keytab. 2) change the reverse lookup of 127.0.0.1 from "localhost" to
>the machine's hostname.
>
>Are there any security issues with the first solution? Is either
>solution advisable?
>
>Thanks,
>
>Jack
>
>________________________________________________
>Kerberos mailing list [EMAIL PROTECTED]
>https://mailman.mit.edu/mailman/listinfo/kerberos
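
The name resolution behind the failure described in this thread, as an added example that is not part of either message and not Kerberos library code: a simplified model of a client that forward-resolves the name it was given, reverse-resolves the address, and builds the service principal from the result. The realm, host name, addresses, hosts tables and keytab contents are all constructed for illustration.

```python
# Simplified model (an assumption, not the Kerberos library's code) of how a
# client turns "service + name typed by the user" into a service principal.
REALM = "EXAMPLE.COM"            # hypothetical realm
HOSTNAME = "laptop.example.com"  # hypothetical machine name

def build_resolver(hosts):
    """hosts: list of (address, [names]) in /etc/hosts order."""
    forward, reverse = {}, {}
    for addr, names in hosts:
        reverse.setdefault(addr, names[0])      # first name is canonical
        for name in names:
            forward.setdefault(name.lower(), addr)
    return forward, reverse

def service_principal(service, name, hosts):
    """Forward lookup, then reverse lookup, then lowercase the result."""
    forward, reverse = build_resolver(hosts)
    addr = forward.get(name.lower())
    if addr is None:
        raise LookupError(f"cannot resolve {name!r} (no usable interface?)")
    canonical = reverse[addr].lower().rstrip(".")
    return f"{service}/{canonical}@{REALM}"

def can_authenticate(service, name, hosts, keytab):
    """True if the derived principal has a key in the service's keytab."""
    return service_principal(service, name, hosts) in keytab

# Constructed keytab: only the real host name has keys.
KEYTAB = {f"host/{HOSTNAME}@{REALM}", f"ldap/{HOSTNAME}@{REALM}"}

# Stock layout: loopback reverse-resolves to "localhost".
DEFAULT_HOSTS = [("127.0.0.1", ["localhost"])]
# Option 2 from the question: 127.0.0.1 reverse-resolves to the host name.
REMAPPED_HOSTS = [("127.0.0.1", [HOSTNAME, "localhost"])]
# The reply's suggestion: dummy interface with a private address (constructed).
DUMMY_IF_HOSTS = [("127.0.0.1", ["localhost"]), ("10.255.255.1", [HOSTNAME])]

if __name__ == "__main__":
    cases = [("stock, via localhost", "localhost", DEFAULT_HOSTS),
             ("remapped loopback, via localhost", "localhost", REMAPPED_HOSTS),
             ("dummy interface, via host name", HOSTNAME, DUMMY_IF_HOSTS)]
    for label, name, hosts in cases:
        principal = service_principal("ldap", name, hosts)
        print(f"{label}: {principal} in keytab: {principal in KEYTAB}")
```

Both the remapped loopback entry and the dummy interface leave the keytab unchanged, so no "host/localhost" key has to be distributed to every machine.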
