Douglas E. Engert wrote:
> >
> > Is a Kerberos principal always a DNS name? Can't an IP literal be used?
>
> I think they must be names, but don't have to be in DNS. The name could
> be in /etc/hosts. The client and server must agree on the name of the
> server, and the KDC has to have a service principal for the server.
> IPs don't tend to work, and the IP number of the service changes,
> with DHCP for example, each service would have to have a keytab
> with the old and new IP numbers, which is not practical, and could
> have some security issues.

I thought that sometimes it would be convenient to have a principal like
host/[EMAIL PROTECTED] to be able to ssh into 10.1.1.1 without giving it
a name. This is not possible, is it?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/[EMAIL PROTECTED] http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
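
Added example, not part of the original thread or of any Kerberos distribution: a small audit of `klist -k` output that flags service principals whose host part is an IP literal (the case the quoted reply calls impractical under DHCP) and separates names found in a hosts file from names that must resolve some other way. The keytab listing, hosts entries, realm and status labels are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `klist -k` output (assumption, not from the thread).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/server.example.com@EXAMPLE.COM
   2 host/10.1.1.1@EXAMPLE.COM
   3 HTTP/intranet@EXAMPLE.COM
"""

# Constructed /etc/hosts content (assumption).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
10.1.1.7    intranet   # name known only locally, not in DNS
"""

def hosts_names(hosts_text):
    """Return every host name and alias listed in hosts-file text."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        names.update(n.lower() for n in fields[1:])  # fields[0] is the address
    return names

def is_ip_literal(host):
    """True if the host component is an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def audit_keytab(klist_text, hosts_text):
    """Classify each service/host@REALM entry by how its host part is named."""
    local = hosts_names(hosts_text)
    findings = []
    for line in klist_text.splitlines():
        m = re.match(r"\s*(\d+)\s+([^/@\s]+)/([^@\s]+)@(\S+)$", line)
        if not m:
            continue  # header, separator, or a principal without a host part
        _kvno, service, host, realm = m.groups()
        if is_ip_literal(host):
            status = "ip-literal"       # breaks when the address changes
        elif host.lower() in local:
            status = "name-in-hosts"    # a name, resolvable without DNS
        else:
            status = "name-needs-dns"   # a name, not in the hosts file
        findings.append((f"{service}/{host}@{realm}", status))
    return findings
```
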
