In article <[EMAIL PROTECTED]>,
Victor Sudakov <[EMAIL PROTECTED]> wrote:
>Douglas E. Engert wrote:
>> >
>> > Is a Kerberos principal always a DNS name? Can't an IP literal be used?
>
>> I think they must be names, but don't have to be in DNS. The name could
>> be in /etc/hosts. The client and server must agree on the name of the
>> server, and the KDC has to have a service principal for the server.
>
>> IPs don't tend to work, and the IP number of the service changes,
>> with DHCP for example, each service would have to have a keytab
>> with the old and new IP numbers, which is not practical, and could
>> have some security issues.
>
>I thought that sometimes it would be convenient to have a principal
>like host/[EMAIL PROTECTED] to be able to ssh into 10.1.1.1 without
>giving it a name. This is not possible, is it?
>

It's just a simple[1] matter of coding... Out of the box I don't think
it's possible. RSA keys make a lot more sense in that scenario, IMHO.

_ Booker C. Bense

[1]_ For exceedingly high values of simple...
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
