Hi all, I have a query regarding the usage of the kerberos pricipals of the format "<service>/<FQDN>@<REALM>". My question is can I use any other principal format other than <service>/<FQDN>@<REALM> ? The <service>/<FQDN>@<REALM> is the common convention used.
Giving an example, say for example, I am using a kerborized ftp application. As of now, the keytab entries , the service entry on KDC are having the ftp principal of the foramt, ftp/[EMAIL PROTECTED] I am able to successfully do ftp connection using kerberos. My requirement is to avoid use of fqdn. Can I do it ? can I use principal of my convenience ? I have noticed that when I start ftp client, by default it tries to get TGS of the form ftp/[EMAIL PROTECTED] If I have different entry for ftp service in the KDC, this will definitely fail. So does this requirement requires changes in ftp server code and client code ? 1) First of all can I do this way ( using ftp principal other than the standard method of using fqdn ) 2) Could anybody please tell me what are the issues involved here ? 3) Issues involved when all the systems in the realm are non windows machines 4) interoperability issues like when I use ftp server on linux and try to connect to it from windows machine. Regards, Sandy. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
