On Tuesday, Feb 10, 2004, at 21:48 US/Eastern, Russ Allbery wrote:
Is it necessary to add the service?
It depends entirely on what your ftp server and client are using to do
authentication. It looks like the version that comes with MIT tries
ftp/hostname.example.com and then falls back on host/hostname.example.com
if the former doesn't exist.
I believe this is what the ftp gssapi spec says to do -- try one, and if it doesn't exist, use the other. (I believe the spec says you fall back if the principal doesn't exist in the database, so if it's in the database and wasn't added to the keytab, you're probably supposed to lose. But I'd have to check the spec to be certain.)
In the general case, yes, you'd need to add the service principal to both the database and the appropriate keytab file.
Ken
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
