Managed to set up Kerberos without DNS server. Things to remember:
(i) Have entries in /etc/hosts for all the machines, KDC server & kerberized server/client, so that the hostname is resolvable
Yup. Note too that the entries must agree on what the first-listed name is, though I've seen some systems that prefer using the FQDN and some that use just the first component.
(ii) Principals will be of the format <user>/[EMAIL PROTECTED] instead of <user>/[EMAIL PROTECTED]
Only if /etc/hosts lists the unqualified name first. Note that this won't be compatible with usage in a DNS environment, as it's not actually compliant with the specification (which says you use the FQDN).
(And, actually, I thought at one point I'd put together some code for looking at the second returned name if the first had no dots in it, but maybe I didn't check it in, or maybe you're listing only one host name.)
(iv) This method doesn't scale
True.
Ken
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
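A check for points (i) and (ii) discussed in the message above, as an added example that is not part of the original thread: it parses hosts-file text collected from each machine and reports entries whose first-listed name is unqualified, plus addresses where machines disagree on the first-listed name. The machine labels, addresses and `example.test` names are constructed sample data.

```python
# Added example: audits /etc/hosts contents gathered from several machines.
# All hosts-file text below is constructed sample data.

def parse_hosts(text):
    """Return {ip: [names...]}, keeping names in the order they are listed."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if names:
            entries.setdefault(ip, []).extend(n.lower() for n in names)
    return entries

def audit(hosts_by_machine):
    """Compare first-listed names across machines.

    Returns (unqualified, mismatched):
      unqualified: sorted [(machine, ip, name)] where the first name has no dot
      mismatched:  {ip: {machine: first_name}} where machines disagree
    """
    unqualified, first = [], {}
    for machine, text in hosts_by_machine.items():
        for ip, names in parse_hosts(text).items():
            if ip.startswith("127.") or ip == "::1":
                continue                        # skip loopback entries
            first.setdefault(ip, {})[machine] = names[0]
            if "." not in names[0]:
                unqualified.append((machine, ip, names[0]))
    mismatched = {ip: seen for ip, seen in first.items()
                  if len(set(seen.values())) > 1}
    return sorted(unqualified), mismatched

# Constructed sample: the "app" machine lists the short name first.
SAMPLE = {
    "kdc": "127.0.0.1 localhost\n"
           "192.0.2.10 kdc.example.test kdc\n"
           "192.0.2.20 app.example.test app\n",
    "app": "192.0.2.10 kdc.example.test kdc\n"
           "192.0.2.20 app app.example.test  # short name first\n",
}

if __name__ == "__main__":
    unq, mis = audit(SAMPLE)
    for machine, ip, name in unq:
        print(f"{machine}: {ip} lists unqualified name '{name}' first")
    for ip, seen in mis.items():
        print(f"{ip}: machines disagree on first-listed name: {seen}")
```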
