I have a proposal. Let me know if this is a good idea to go about!

1. Generate separate keytab file for each target.
2. Merge the keytabs into a common keytab file.
3. While configuring the target make sure they will use only the part of the keytab meant for them.

This way the security is also not compromised.

Group,
Are there any other similar approaches?

Regards
Viswa

Markus Moeller wrote:
> This type of setup won't work. You have to differentiate between what is
> possible with Kerberos/GSSAPI and how are existing applications (e.g.
> telnet,ftp,HTTP) using it. With telnet,ftp,HTTP you are bound to DNS
> resolutions (A record and reverse, hosts files are possible but painful). If
> you write your own Kerberos/GSSAPI applications you can define it yourself
> and can do it independent of DNS.
>
> Regards
> Markus
>
> <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > Hi,
> >
> > If I go for the same keytab knowing that there is compromise of
> > security, I have some questions.
> >
> > Assuming that I have a Windows 2003 KDC. I have two Linux machines. I
> > will add a user account and generate a keytab file using ktpass. Please
> > note that the ktpass tool requires us to specify host/<fqdn>. I will
> > now copy the same keytab file to both these Linux machines. Now from
> > another Windows XP I will try to connect to one Linux machine using
> > telnet. My question is how will the Windows XP machine connect to the
> > correct Linux machine? How will the identification of the correct
> > telnet server happen if both Linux machines are running telnet daemon?
> >
> >
> > - Sandy.
> >

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
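
The three steps proposed above, as an added Python sketch that is not part of the thread: it merges two keytabs, extracts one host's entries, and lists the principals a file holds, so a keytab can be checked before it is copied to a host. It assumes the MIT keytab file format version 0x502; the helper names, the example.com principals and the keys are constructed for illustration.

```python
import struct

HEADER = b"\x05\x02"  # keytab format version 0x502, big-endian fields

def _cs(b):  # counted string: 16-bit length followed by the bytes
    return struct.pack(">H", len(b)) + b

def make_entry(principal, realm, kvno, enctype, key):
    """Encode one record (name type 1, timestamp 0) for the constructed samples."""
    comps = principal.encode().split(b"/")
    body = struct.pack(">H", len(comps)) + _cs(realm.encode())
    body += b"".join(_cs(c) for c in comps)
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + _cs(key)
    return struct.pack(">i", len(body)) + body

def records(data):
    """Yield (principal, raw_record) for every live entry in a keytab."""
    if data[:2] != HEADER:
        raise ValueError("unsupported keytab version")
    pos = 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        raw = data[pos:pos + 4 + abs(size)]
        pos += len(raw)
        if size <= 0:           # negative length marks a deleted slot (hole)
            continue
        (n,) = struct.unpack_from(">H", raw, 4)
        off, parts = 6, []
        for _ in range(n + 1):  # realm first, then n name components
            (ln,) = struct.unpack_from(">H", raw, off)
            parts.append(raw[off + 2:off + 2 + ln].decode())
            off += 2 + ln
        yield "/".join(parts[1:]) + "@" + parts[0], raw

def merge(*keytabs):
    """Step 2: one file holding every record of the input keytabs."""
    return HEADER + b"".join(raw for kt in keytabs for _, raw in records(kt))

def extract(keytab, principal):
    """Step 3 as a file-level split: keep only one principal's records."""
    return HEADER + b"".join(r for p, r in records(keytab) if p == principal)

def principals(keytab):
    return sorted({p for p, _ in records(keytab)})

# Constructed sample data: two hosts, dummy 32-byte keys, enctype 18 (AES256)
A, B = "host/a.example.com@EXAMPLE.COM", "host/b.example.com@EXAMPLE.COM"
kt_a = HEADER + make_entry("host/a.example.com", "EXAMPLE.COM", 3, 18, b"\x01" * 32)
kt_b = HEADER + make_entry("host/b.example.com", "EXAMPLE.COM", 5, 18, b"\x02" * 32)
```

Running `principals()` on the merged file returns both hosts, while the output of `extract()` for one host holds that host's key only.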
