> If we take for example an sshd server on a typical Unix host, how does > it figure out its own principal name? Suppose it has keys for > multiple principals in the keytab, which one would it choose?
I can't speak for how sshd does it, but the way it should be done is that the server leaves the 'server' arg to krb5_rd_req (or krb5_recvauth) unspecified then the library code will grab the name of the server principal out of the request. Then upon successful return the server can check that the principal used was acceptable to it. John ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
