In article <[EMAIL PROTECTED]>,
Victor Sudakov <[EMAIL PROTECTED]> wrote:
>Booker Bense wrote:
>> >
>> >Is a Kerberos principal always a DNS name? Can't an IP literal be used?
>> >
>
>> It's whatever both sides of the connection agree that it should
>> be BEFORE the connection is made. DNS names are used by default
>> since that makes an easy out of band way to get both sides to agree.
>
>> You can use IP addrs if you can wrangle both client and server
>> software into using them. I'm not aware of any standard clients
>> that will support that kind of usage though.
>
>If we take for example an sshd server on a typical Unix host, how does
>it figure out its own principal name? Suppose it has keys for
>multiple principals in the keytab, which one would it choose?
>

Whatever it's configured to choose. The default is
host/[EMAIL PROTECTED] This can get quite complicated if you have
multiple interfaces with different DNS names. Both the server
and the client have to make a priori decisions about the principal
the service uses. Choosing that principal is entirely up to the software.

_ Booker C. Bense
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
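
An added illustration, not part of the original message and not code from any Kerberos implementation: a simplified Python model of the a priori agreement described above, showing what happens on a multi-homed host when the server is pinned to one principal versus accepting any principal it has a keytab key for. The host names, the realm, the `strict` switch and all function names are constructed assumptions; it also assumes the KDC has an entry for every principal requested.

```python
# Simplified model of Kerberos service-principal agreement; no real Kerberos
# library calls. Host names, realm and the `strict` switch are constructed.
REALM = "EXAMPLE.COM"

def client_principal(dialed_name, service="host"):
    """Principal the client requests, built from the name it connected to."""
    return f"{service}/{dialed_name.rstrip('.').lower()}@{REALM}"

def server_accepts(ticket_for, keytab, own_hostname, strict):
    """Can the server accept a ticket issued for principal `ticket_for`?"""
    if ticket_for not in keytab:
        return False                      # no key to decrypt this ticket
    if strict:                            # pinned to one configured principal
        return ticket_for == client_principal(own_hostname)
    return True                           # any principal with a keytab key

def survey(dialed_names, keytab, own_hostname, strict):
    """Map each name a client might dial to whether authentication succeeds."""
    return {n: server_accepts(client_principal(n), keytab, own_hostname, strict)
            for n in dialed_names}

# Constructed multi-homed host: two interfaces, two DNS names, two keytab entries.
KEYTAB = {"host/gw.example.com@EXAMPLE.COM", "host/gw-mgmt.example.com@EXAMPLE.COM"}
NAMES = ["gw.example.com", "GW-MGMT.example.com.", "192.0.2.10"]

if __name__ == "__main__":
    for strict in (True, False):
        print("strict" if strict else "any keytab entry",
              survey(NAMES, KEYTAB, "gw.example.com", strict))
    # The IP literal only works once both sides agree on it beforehand.
    agreed = KEYTAB | {client_principal("192.0.2.10")}
    print(survey(["192.0.2.10"], agreed, "gw.example.com", False))
```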
