Victor Sudakov wrote:
> Colleagues,
>
> Is a Kerberos principal always a DNS name? Can't an IP literal be used?

I think they must be names, but don't have to be in DNS. The name could be in /etc/hosts. The client and server must agree on the name of the server, and the KDC has to have a service principal for the server.

IPs don't tend to work, and the IP number of the service changes, with DHCP for example, each service would have to have a keytab with the old and new IP numbers, which is not practical, and could have some security issues.

-- 
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
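
Added example, not part of the original message: a simplified Python model of the matching described in the reply above, comparing a service principal keyed by an agreed name with one keyed by an IP literal across a DHCP lease change. It uses no Kerberos library; the realm, host name, addresses and helper names are all constructed for illustration.

```python
# Simplified model of service-principal matching; not a Kerberos implementation.
REALM = "EXAMPLE.ORG"  # constructed realm

HOSTS_BEFORE = "192.0.2.10  fileserver   # constructed /etc/hosts entry\n"
HOSTS_AFTER = "192.0.2.57  fileserver   # same host after a new DHCP lease\n"

def parse_hosts(text):
    """Parse /etc/hosts-style text into {name: address}."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table[name.lower()] = fields[0]
    return table

def service_principal(service, target, realm=REALM):
    """Principal the client requests a ticket for: service/target@REALM."""
    return f"{service}/{target.lower()}@{realm}"

def can_authenticate(principal, kdc_principals, keytab):
    """The KDC must know the principal and the server's keytab must hold it."""
    return principal in kdc_principals and principal in keytab

def simulate(service="host", name="fileserver"):
    old_ip = parse_hosts(HOSTS_BEFORE)[name]
    new_ip = parse_hosts(HOSTS_AFTER)[name]
    # Case 1: principal registered under the agreed name (DNS or /etc/hosts).
    named = {service_principal(service, name)}
    # Case 2: principal registered under the address the host had at setup time.
    by_ip = {service_principal(service, old_ip)}
    after = service_principal(service, new_ip)
    return {
        "name_before": can_authenticate(service_principal(service, name), named, named),
        "name_after": can_authenticate(service_principal(service, name), named, named),
        "ip_before": can_authenticate(service_principal(service, old_ip), by_ip, by_ip),
        "ip_after": can_authenticate(after, by_ip, by_ip),
        # Entries an IP-based keytab would need to survive the lease change.
        "ip_keytab_needed": sorted(by_ip | {after}),
    }

if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```
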
